tags:

views:

280

answers:

4
+7  Q: 

Generating a token that I can prove I generated

I need to generate random tokens so that when I see them later I can determine absolutely that they were actually generated by me, i.e. it should be near impossible for anyone else to generate fake tokens. It's kind of like serial number generation except I don't need uniqueness. Actually, its a lot like a digital signature except I am the only one that needs to verify the "signature".

My solution is as follows:

  1. have a secret string S (this is the only data not in the open)
  2. for each token, generate a random string K
  3. token = K + MD5(K + S)

to validate the token is one I generated:

  1. split incoming token into K + H
  2. calculate MD5(K + S), ensure equal to H

It seems to me that it should be impossible for anybody to reliably generate H, given K without S. Is this solution too simplistic?

+1  A: 

That's not too simplistic, that's certainly a valid way to implement a simple digital signature.

Of course, you can't prove to anybody else that you generated the signature without revealing your secret key S, but for that purpose you would want to use a more sophisticated protocol like PKI.

Greg Hewgill  2008-11-27 06:43:29
+1  A: 

Just to nitpick a bit you would prove only that whomever has access to S could have generated the token. Another little detail: use a better hash, like SHA256. Because if Mallory is able to generate a collision, she doesn't even need to know S.

Vinko Vrsalovic  2008-11-27 06:47:29
+4  A: 

Check out HMAC.

Dustin  2008-11-27 06:48:05
HMAC also intends to validate the message. But of course it's a safer approach at almost no extra cost.
Vinko Vrsalovic  2008-11-27 06:52:03
Definitely a MAC application, since it's you proving it to yourself. Not sure they apply here, but replay attacks need careful consideration. The OP's on the right track, but use an accepted MAC algorithm rather than trying to reinvent one.
erickson  2008-11-28 05:37:54
+2  A: 

The solution you presented is on the right track. You're essentially performing challenge-response authentication with yourself. Each token can consist of a non-secret challenge string C, and HMAC(C, K) where K is your server's secret key.

To verify a token, simply recompute the HMAC with the supplied value of C and see if it matches the supplied HMAC value.

Also, as Vinko mentioned, you should not use MD5; SHA-256 is a good choice.

Chris Kite  2008-11-27 07:01:52

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security