tags:

views:

58

answers:

1
+1  Q: 

How would you generate a key that is only valid for three months?

Hi,

I am wondering if it is possible to generate a "key" that is valid for a period of (approximately) three months?

For example, let's say (hypothetically) that I generate a key like this (pseudocode):

Key = HASH ( MachineID, Salt );

And the way I verify a key is valid is to check like this:

isValid(Key)
{
   return Key == HASH ( MachineID, Salt )
}

How would you extend this to generate a key like this:

Key = HASH ( MachineID, Salt, LastMonth, ThisMonth, NextMonth );

But still have your isValid work correctly?

One way I can see is:

isValid(Key)
{
   return Key == HASH ( MachineID, Salt, (LastMonth), (ThisMonth), (NextMonth) )
   || Key == HASH ( MachineID, Salt, (LastMonth-1), (LastMonth), (ThisMonth) )
   || Key == HASH ( MachineID, Salt, (ThisMonth), (ThisMonth+1), (ThisMonth+2) )
}

But I would like to know if any better ideas come to mind.

+7  A: 

A typical way of doing this is to compose a cleartext message explaining what is needed to reach the key, which is then followed by the secure digest. You would thus return something like 

function Key(password, expriry) {
    return "Expires: " + dateformat(expiry) +
           HASH(salt + expiry + password)
}

Note that the returned key contains the expiration date in clear text, but also includes it in the digest so that it cannot be tampered with. As always, it's not necessary to decode the digest, only verify that the same inputs produced the same digest.

TokenMacGuy  2010-07-15 07:44:20
Thanks, but this requires the end application to know the expiry date. Is there any way for the end application to do a "here is today's date" is that valid for this key? Edit: Having reviewed, I see the solution is to make sure the user types in the expiry as well. It's a solution but I'm still curious if there's a better way.
Graphain  2010-07-15 07:49:30
@Graphain: Well, the idea is to encode the expiry date into the "key" - you can always encode the expiry date as a couple of bytes (two bytes is enough for 180 years worth of days!), so the "key" is just lengthened by two bytes and the user has no idea that part of it is a date.
caf  2010-07-19 02:35:16
@caf, yes but when decoding I do not know the expiry date, just the current date and I was hoping there was a method that the key could only be decrypted if the current date is less than the expiry date.
Graphain  2010-07-19 02:47:41
@Graphain: When decoding you extract the expiry date from the composite key.
caf  2010-07-19 02:54:44
@caf - Yeah I get that and it's probably the best way.
Graphain  2010-07-19 05:48:04

related questions

How to transition to Functional Programming
List of the top Programming "shows"
How to contribute code back to an Open Source project?
What is Test Driven Development (TDD)?
pass by reference or pass by value?
Could you recommend a good free project hosting website?
Writing A "Conway's Game of Life" Program
Learning to write a compiler
How can I modify .xfdl files? (Update #1)
Followup: "Sorting" colors by distinctiveness
Followup: Finding an accurate "distance" between colors
Windows Help files - what are the options?
A little diversion into floating point (im)precision, part 1
Internationalization in your projects
Efficiently get sorted sums of a sorted list
Format string to title case
GUI Programming APIs
Using combinations of sets as test data
What books would you recommend for a beginning Software Developer?
The Definitive Guide To Website Authentication
What is your solution to the FizzBuzz problem?
Generate list of all possible permutations of a string
When to use unsigned values over signed ones?
Function for creating color wheels
Fastest way to get value of pi