Chris's Wiki :: blog/web/KeyPlusAuthenticator Commentshttps://utcc.utoronto.ca/~cks/space/blog/web/KeyPlusAuthenticator?atomcommentsDWiki2011-08-14T16:04:28ZRecent comments in Chris's Wiki :: blog/web/KeyPlusAuthenticator.From 173.32.146.8 on /blog/web/KeyPlusAuthenticatortag:CSpace:blog/web/KeyPlusAuthenticator:0ed742c6b0d901f51c6b39055eae3257adf1d6ffFrom 173.32.146.8<div class="wikitext"><p>That's an interesting idea, but why not just AES 128 encrypt the auto_incrementing index, then base64 encode that? Then you can decrypt it on the other side and look it up in the database.</p>
<p>-- Eric Gerlach <a href="http://eric.gerlach.ca">http://eric.gerlach.ca</a></p>
</div>2011-08-14T16:04:28ZFrom 124.148.171.149 on /blog/web/KeyPlusAuthenticatortag:CSpace:blog/web/KeyPlusAuthenticator:6571e366637e67e129bd1c87afb7559c7c8d9900From 124.148.171.149<div class="wikitext"><p>I have used HMACs for this in the past. They save me having to store the access keys. I just have one server-side secret and use it to generate easily verifiable URLs.</p>
</div>2011-08-10T11:39:04Z