On May 19, 2006, at 12:51 PM, Charles Yeomans wrote:
How about it cryptographers? Is this reasonably secure, or just
an exercise in security by obscurity?
The solution is not hard. Each time you generate a stream for
encryption, it needs to be different. This is true for any stream
cipher. What you do is change the key each time, usually by adding
some random data. Then you need some way to remember the data...
The method I mentioned is only part of my system. I use a Challenge-
Response technique during the login which uses a random hash to
create this seed on both ends. Both the client and the server will
apply this challenge seed value and MD5() the results before
transmitting.
It is not SSL, but it works pretty well for systems for which SSL is
expensive or not an option.
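The point made in the thread, that a stream cipher must produce a different stream for every message and that the receiver needs the added random data to rebuild it, shown as an added example that is not part of the original messages or of the poster's system. It assumes a toy keystream built from SHA-256 in counter mode; the key, sample plaintexts and all function names are constructed for illustration.

```python
import hashlib
import os

NONCE_LEN = 16

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_fixed(key: bytes, plaintext: bytes) -> bytes:
    """Weak form: no per-message data, so every message gets the same stream."""
    return xor(plaintext, keystream(key, b"", len(plaintext)))

def encrypt_fresh(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Random nonce per message, sent in the clear ahead of the ciphertext."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    return nonce + xor(plaintext, keystream(key, nonce, len(plaintext)))

def decrypt_fresh(key: bytes, message: bytes) -> bytes:
    """Receiver reads the nonce back out and regenerates the same stream."""
    nonce, body = message[:NONCE_LEN], message[NONCE_LEN:]
    return xor(body, keystream(key, nonce, len(body)))

# Constructed sample data, equal length so the comparison is byte for byte.
KEY = b"constructed-demo-key"
P1 = b"transfer 0100 to alice"
P2 = b"transfer 9999 to carol"

def demo():
    # Same stream twice: XOR of the ciphertexts equals XOR of the plaintexts,
    # so the key drops out and an eavesdropper learns p1 XOR p2.
    weak = xor(encrypt_fixed(KEY, P1), encrypt_fixed(KEY, P2))
    m1, m2 = encrypt_fresh(KEY, P1), encrypt_fresh(KEY, P2)
    strong = xor(m1[NONCE_LEN:], m2[NONCE_LEN:])
    return weak == xor(P1, P2), strong == xor(P1, P2), decrypt_fresh(KEY, m1)

if __name__ == "__main__":
    print(demo())
```

A fresh nonce only fixes stream reuse. Without a message authentication code, the ciphertext can still be altered in transit without detection.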