On Thu, 7 Aug 2003, Brian Candler wrote:


> I'm not sure why you want a nonce here; just a hash of (message + shared
> secret) will do. But if you're paranoid you'll sign your objects with a
> timestamp as well.

Initial authentication, and the nonce means they can't just forge
the hashed passwd, and use that never-changing hash to authenticate
themselves.  I time out the nonce, so responses which are too
late won't be accepted.

>
> Try the code below. You can store session objects in a HTML input field like
> this, or if the objects are small enough they can be sent to the browser as
> a cookie!
>
> Regards,
>
> Brian.
>
>
>   class SecureMarshall
>     def initialize(secret, lifetime = 3600)
>       require 'digest/md5'
        [...error checking...]
>       @secret = secret
>       @lifetime = lifetime
>     end
>
>     def encode(obj)
>       out = Marshal.dump([obj, Time.now.to_i + @lifetime])
>       [Marshal.dump([out, Digest::MD5::digest(out + @secret)])].  \
> 		pack("m").gsub(/\n/,'')   # base64 encode
>     end

        [...]
>

This only works on one machine, and leaves the secret lying around
in memory (@secret).  You can't really pass this object over the net
without exposing the secret.  This is the sort of subtlety that
catches me out every time!

        Hugh
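The scheme quoted above, as an added Ruby example that is neither Brian's SecureMarshall nor code Hugh posted: it fills in the decode side, times out the token as Hugh describes, and assumes HMAC-SHA256 over the serialized bytes (rather than MD5 of data plus secret) and a "base64(payload).hex(tag)" envelope so the tag is checked before Marshal.load ever sees the bytes. The secret stays on the server and is never part of what goes over the wire.

```ruby
require 'openssl'
require 'base64'

# Added example (neither Brian's nor Hugh's code): a signed, expiring session
# token in the spirit of SecureMarshall, with the decode side filled in.
# Assumptions: HMAC-SHA256 in place of MD5(data + secret), a plain
# "base64(payload).hex(tag)" envelope so the tag is checked BEFORE
# Marshal.load sees any bytes, and a server-side secret that is never sent.
class SignedSession
  def initialize(secret, lifetime = 3600)
    raise ArgumentError, 'secret must not be empty' if secret.to_s.empty?
    @secret = secret
    @lifetime = lifetime
  end

  # Serialize obj with an expiry timestamp and append an HMAC over the bytes.
  def encode(obj, now = Time.now.to_i)
    payload = Marshal.dump([obj, now + @lifetime])
    tag = OpenSSL::HMAC.hexdigest('SHA256', @secret, payload)
    "#{Base64.strict_encode64(payload)}.#{tag}"
  end

  # Returns the object, or nil when the tag is wrong, the token is malformed,
  # or the expiry has passed (late responses are not accepted).
  def decode(token, now = Time.now.to_i)
    b64, tag = token.to_s.split('.', 2)
    return nil if b64.nil? || tag.nil?
    payload = Base64.strict_decode64(b64)
    expected = OpenSSL::HMAC.hexdigest('SHA256', @secret, payload)
    return nil unless secure_equal?(expected, tag)
    obj, expires_at = Marshal.load(payload)   # only after the tag checks out
    now <= expires_at ? obj : nil
  rescue ArgumentError
    nil   # invalid base64
  end

  private

  # Constant-time comparison so tag checking does not leak via timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  s = SignedSession.new('constructed-demo-secret', 60)
  p s.decode(s.encode({ 'user' => 'alice' }))   # prints the original hash
end
```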