On Mon, 2005-10-10 at 07:46 -0700, Paul Rubinhttp: wrote: > rbt <[EMAIL PROTECTED]> writes: > > > Instead, for client #i, let that client's key be something like > > > hmac(your_big_secret, str(i)).digest() > > > and the client would send #i as part of the string. > > > > How is this different from sending a pre-defined string from the client > > that the server knows the md5 hash of? The clients know the string, the > > server knows the hash of that string. > > I'm confused, I don't understand what that md5 whatever would do for you. > I'm assuming the server is secure and the clients are less secure. > > > Also, could this not be done both ways? So that, if an attacker figures > > out the string he's supposed to send from a client to the server (which > > he could easily do). He could not easily figure out the string the > > server should send back as all he would have is the hash of that string. > > I'm still confused
OK, we'll leave it at that and just accept that we're from different planets ;) Thanks for the help. -- http://mail.python.org/mailman/listinfo/python-list
