Nicholas Jefferson <[email protected]> writes:
>> Why? Because cryptography is pretty hard, but implementing a good
>> crypto-system that doesn't leak data, allow attackers to change fairly
>> arbitrary bits, to run tests against your system to recover the secret key,
>> or
>> determine exactly what to change ... that stuff is hard for experts.
>
> If no confidential information will be stored in the cookie then you don't
> need to encrypt it, you just need a message authentication code, like HMAC
> [1], to ensure its integrity.
Yup.[1] The context I was responding to was avoiding server-side sessions; my
strong preference is to use a client-side tog for a server-side session (inna
database, for lack of a better shared storage mechanism) with either an HMAC
or an authentication-and-encryption mode to deliver the same thing.
Daniel
Footnotes:
[1] ...though the same advice applies: HMAC is still hard, so you probably
shouldn't write your own. :)
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
