Brian, You should look into Diffie-Helman Key Exchange
>From http://en.wikipedia.org/wiki/Diffie-Hellman: "Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher." The salted hash idea isn't a good one IMHO because all an attacker needs is the salted hash to impersonate you. That can be retrieved and/or calculated from the source in the same way a hard-coded secret key can. -Eric --- Michael Johnston <[EMAIL PROTECTED]> wrote: > does licensing require that you make efforts not to leave the key > readable? > if not it's not your problem, it's the person who designed such a > flawed API access restriction > > On 5/25/06, Brian King <[EMAIL PROTECTED]> wrote: > > Jippen wrote: > > > Why not use a one-way hash of the secret? Say, md5 and salt the > thing, > > > then compare it with a hash stored on the machine. If it is good, > send > > > out the hash to the server, who does the same thing. > > > > Well, for one thing, the API is 3rd party so we have no control of > the > > server code. > > > > -- > > Brian King > > www.mozdev.org - free project hosting for the Mozilla community > > _______________________________________________ > > Project_owners mailing list > > [email protected] > > http://mozdev.org/mailman/listinfo/project_owners > > > _______________________________________________ > Project_owners mailing list > [email protected] > http://mozdev.org/mailman/listinfo/project_owners > _______________________________________________ Project_owners mailing list [email protected] http://mozdev.org/mailman/listinfo/project_owners
