[Project_owners] Protecting a Shared Secret

Michael Johnston special.michael at gmail.com
Thu May 25 14:11:27 EDT 2006


does licensing require that you make efforts not to leave the key readable?
if not it's not your problem, it's the person who designed such a
flawed API access restriction

On 5/25/06, Brian King <brian at mozdev.org> wrote:
> Jippen wrote:
> > Why not use a one-way hash of the secret? Say, md5 and salt the thing,
> > then compare it with a hash stored on the machine. If it is good, send
> > out the hash to the server, who does the same thing.
>
> Well, for one thing, the API is 3rd party so we have no control of the
> server code.
>
> --
> Brian King
> www.mozdev.org - free project hosting for the Mozilla community
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> http://mozdev.org/mailman/listinfo/project_owners
>


More information about the Project_owners mailing list