Hiding token information from users

Nobody nobody at nowhere.com
Wed Aug 24 19:47:37 CEST 2011


On Tue, 23 Aug 2011 06:27:39 -0700, Tobiah wrote:

> I am making QR codes that cell phone users scan in order to make use of an
> application.  Part of the information is a token that needs to be passed
> on to the server, but I'd rather not allow a person examining the QR code
> to be able to see that plain bit of information.  I'd like to scramble up
> the token so that the result:

Can you not just encrypt the data with a fixed secret key?

A fixed key satisfies #2.

#3 can almost be satisfied by using base-64, or can be entirely satisfied
by using base-36 or base-62 (these are less efficient, but that doesn't
matter for small amounts of data).

#1 can be satisfied by compressing the text beforehand; this should almost
exactly compensate for the expansion caused by #3.

Any block cipher in CBC mode will satisfy #4 (it will even be satisfied in
ECB mode if the compressed token is smaller than the cipher block size).




More information about the Python-list mailing list