Hiding token information from users
nobody at nowhere.com
Wed Aug 24 19:47:37 CEST 2011
On Tue, 23 Aug 2011 06:27:39 -0700, Tobiah wrote:
> I am making QR codes that cell phone users scan in order to make use of an
> application. Part of the information is a token that needs to be passed
> on to the server, but I'd rather not allow a person examining the QR code
> to be able to see that plain bit of information. I'd like to scramble up
> the token so that the result:
Can you not just encrypt the data with a fixed secret key?
A fixed key satisfies #2.
#3 can almost be satisfied by using base-64, or can be entirely satisfied
by using base-36 or base-62 (these are less efficient, but that doesn't
matter for small amounts of data).
#1 can be satisfied by compressing the text beforehand; this should almost
exactly compensate for the expansion caused by #3.
Any block cipher in CBC mode will satisfy #4 (it will even be satisfied in
ECB mode if the compressed token is smaller than the cipher block size).
More information about the Python-list