To read the article online, visit http://www.4GuysFromRolla.com/webtech/012800-2.shtml

A Follow-up to Encrypting the Information Passed through the Querystring

By Derrick


Due to popular demand (by the crypto guys, out there)....

I've added a 'one time pad' to the Encrypted QueryString routine that I wrote a few days ago. The script uses a database to log and assign individual keys to each user and their actions. The script should be 99.9% secure for the exercises that we'll probably need to use it for - but for the real die hard cryptologists out there, you'd need to store every single KEYSTREAM and insure that any new key generated does not have the same seed as one previously generated.

This is easy enough to check - but in our example, I'd imagine would start to fill up your database fairly quickly - so not really worth it. The randomness of the existing KEYSTREAM should be more than enough of a deterrant.

I've now simplified the file system to just 3 files, making it easier to manage.

Give it a try and see if it's really worth adding. I'm no crypto guy - just merely improving a concept - if it does have flaws - scream at me!

regards
Derrick


Attachments:

  • Download the source code in text format
  • Download the keys.mdb database (needed!)
  • Try out the demo!


  • Article Information
    Article Title: A Follow-up to Encrypting the Information Passed through the Querystring
    Article Author: Derrick
    Published Date: Friday, January 28, 2000
    Article URL: http://www.4GuysFromRolla.com/webtech/012800-2.shtml


    Copyright 2017 QuinStreet Inc. All Rights Reserved.
    Legal Notices, Licensing, Permissions, Privacy Policy.
    Advertise | Newsletters | E-mail Offers