|
|
 |
|
|
Published: Friday, January 28, 2000 By Derrick Due to popular demand (by the crypto guys, out there)....
I've added a 'one time pad' to the Encrypted QueryString routine that I wrote a few days ago. The script uses a database to log and assign individual keys to each user and their actions. The script should be 99.9% secure for the exercises that we'll probably need to use it for - but for the real die hard cryptologists out there, you'd need to store every single KEYSTREAM and insure that any new key generated does not have the same seed as one previously generated. This is easy enough to check - but in our example, I'd imagine would start to fill up your database fairly quickly - so not really worth it. The randomness of the existing KEYSTREAM should be more than enough of a deterrant. I've now simplified the file system to just 3 files, making it easier to manage. Give it a try and see if it's really worth adding. I'm no crypto guy - just merely improving a concept - if it does have flaws - scream at me!
regards
Attachments: keys.mdb database (needed!)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
