When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Friday, January 28, 2000

A Follow-up to Encrypting the Information Passed through the Querystring

By Derrick


Due to popular demand (by the crypto guys, out there)....

- continued -

I've added a 'one time pad' to the Encrypted QueryString routine that I wrote a few days ago. The script uses a database to log and assign individual keys to each user and their actions. The script should be 99.9% secure for the exercises that we'll probably need to use it for - but for the real die hard cryptologists out there, you'd need to store every single KEYSTREAM and insure that any new key generated does not have the same seed as one previously generated.

This is easy enough to check - but in our example, I'd imagine would start to fill up your database fairly quickly - so not really worth it. The randomness of the existing KEYSTREAM should be more than enough of a deterrant.

I've now simplified the file system to just 3 files, making it easier to manage.

Give it a try and see if it's really worth adding. I'm no crypto guy - just merely improving a concept - if it does have flaws - scream at me!

regards
Derrick


Attachments:

  • Download the source code in text format
  • Download the keys.mdb database (needed!)
  • Try out the demo!


  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article