develooper Front page | perl.beginners | Postings from March 2002

Re: Creating a Unique Key

Thread Previous | Thread Next
From:
Tagore Smith
Date:
March 28, 2002 12:03
Subject:
Re: Creating a Unique Key
Message ID:
01cb01c1d692$cac10060$0300a8c0@optonline.net

Nikola Janceski wrote:


> Uh... exactly what are you going to be using it for?
> You might want to check out the function call crypt() in the perlfunc
pages.
>
> > -----Original Message-----
> > From: Gregory Matthews [mailto:gregory@iwebtips.com]
> > Sent: Thursday, March 28, 2002 2:30 PM
> > To: beginners@perl.org
> > Subject: Creating a Unique Key
> >
> >
> > What is the best way to create a unique, almost impossible to guess,
> > KEY, i.e., ftu880oli88UI8flpq, which can in turn be used as part of a
> > security string, i.e., username: ftu880oli88UI8flpq ?

Check out:


http://www.cs.cornell.edu/People/egs/syslunch-spring02/syslunchsp02/webauth_
tr.pdf

It details how the authors weakened or broke the authentication mechanisms
of a number of prominent e-commerce sites, and gives background information
on doing authentication well. One of the things it talks about is the
weakness of the authentication scheme at the Wall Street Journal's web page
caused by a misunderstanding of how crypt works.

They do propose a stronger authentication scheme.

Tagore Smith




Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About