Is it reasonable to use a date as a salt when hashing data?

Z

zednight2013-12-18 09:31:25

PHP

zednight, 2013-12-18 09:31:25

I need to request data from a third party web server that is accessible from the internet. There is access to the server, but with very limited rights. To check that the requests come from me, I send a hash along with the data, the server also hashes the data, and if the hashes match, it returns the information. Question: how rational is it to use a date as a salt when hashing? Will it increase the protection of the system or lower it? Are there any other simple solutions for client validation? (I don’t offer sessions, because I get the content of file_get_contents (), I also don’t want to implement soap for the sake of one request)

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Guketlev, 2013-12-18
@zednight

The date may be out of sync on the servers. Use your normal password as the salt, i.e. pass hash from (all important data + password).
True, this will not protect you from the fact that the same message is transmitted twice, you need to allow this at the logic level. Those. not just send "deposit account of client id by $100", but "deposit account of user id by $100, payment id id_pay". And already on the receiving side to check that there was no such payment.
It turns out a secure system: it is impossible to generate a new valid message without a password, and it is also impossible to send an intercepted message a second time.
Or you can secure link-level communications with certificates.