|P is for Practical|
Re^2: [OT?] Sanity check... (On MD5, 3DES, Cookies and other animals)by smullis (Pilgrim)
|on Nov 05, 2004 at 17:58 UTC||Need Help??|
This is certainly a fair comment...
As far as I understand MD5 (or SHA1) are simply one-way functions with no key involved. I would like to use something that ensures the validity of the source of the cookie data - and digital signing with a private key would seem - to me at least - to be the way forward. I have not yet put any thought into what asymmetric enryption scheme to use... 3DES v. AES etc.
To resummarise / clarify the requirements:
Apologies if I am still not making myself clear!!