How to create an authentication token for a message sent to the server ?

Question

Hey Guys,

I am creating an iphone app in which I have to POST some data to my PHP server. For example I do a HTTP request like this:

http:example.com/append.php?data1=X&data2=Y&token=Z

X and Y are my known data and I want to calculate Z with some algorithm that takes X and Y are inputs and produce Z.

So when I receive X,Y,Z in the server I can run the opposite of the same algorithm there to verify the originality of X and Y.

I don't know what to use to form the Z. Can someone help me please ?

Thanks

Answer 1

This is how I do it. I create a md5 hash from a salt.data1.data2. The salt is only known by the client app and the server.

If you recalculate the hash on the server, and the token is the same, the data is ok.

$salt = "test";
$token = md5($salt.$data1.$data2);

(The Z in your explanation becomes the md5 hash calculated from salt + data1 + data2.)

Answer 2

Hashes and Salts.

If your only goal is to verify the originality of x and y you can create a salted hash out of the two values. This means that you're taking x, y, and a salt (password known by both the server and the client) and create a hash out of it. So you would create this on both sides and compare the values. Something like this:

$x = 435345;
$y = 2323;
$salt = 'password';
$token = md5($x.$y.$salt);

Answer 3

This article explains on how to implement MD5 in Obj C

http://www.saobart.com/md5-has-in-objective-c/