Is it reasonable to use a date as a salt when hashing data?
I need to request data from a third-party web server that is accessible from the internet. There is access to the server, but with very limited rights. To check that the requests come from me, I send a hash along with the data, the server also hashes the data, and if the hashes match, it returns the information. Question: how rational is it to use a date as a salt when hashing? Will it increase the protection of the system or lower it? Are there any other simple solutions for client validation? (I don't offer sessions, because I get the content via file_get_contents(); I also don't want to implement SOAP for the sake of one request.)
The date may be out of sync on the servers. Use your normal password as the salt, i.e. pass the hash of (all important data + password).
True, this will not protect you from the same message being transmitted twice; you need to allow for this at the logic level. I.e., do not just send "deposit account of client id by $100", but "deposit account of user id by $100, payment id id_pay". Then, on the receiving side, check that there was no such payment already.
The result is a secure system: it is impossible to generate a new valid message without a password, and it is also impossible to send an intercepted message a second time.
Or you can secure link-level communications with certificates.
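The scheme from the answer above, as an added example that is not part of the original post: every field, including the payment id, is authenticated with the shared secret, and the receiver refuses an id it has already processed. It uses HMAC-SHA256 in place of the bare hash(data + password) the answer describes, since HMAC is the standard keyed construction; the field names, `SHARED_SECRET` and the `Receiver` class are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

SHARED_SECRET = b"constructed-demo-secret"  # assumption: provisioned out of band


def sign(fields: dict, secret: bytes = SHARED_SECRET) -> str:
    """Tag over a canonical encoding of every field, payment id included."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()


class Receiver:
    """Server side: authenticate first, then refuse ids already processed."""

    def __init__(self, secret: bytes = SHARED_SECRET):
        self.secret = secret
        self.seen_ids = set()  # in production: a unique-keyed table, not memory

    def handle(self, fields: dict, tag: str) -> str:
        expected = sign(fields, self.secret)
        # Constant-time comparison; encoding to bytes tolerates any input string.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: bad tag"
        pay_id = fields.get("id_pay")
        if pay_id is None:
            return "rejected: missing id_pay"
        if pay_id in self.seen_ids:
            return "rejected: replay"
        self.seen_ids.add(pay_id)
        return "accepted"


def demo() -> list:
    server = Receiver()
    # Constructed sample message, modelled on the answer's deposit example.
    msg = {"action": "deposit", "client_id": 17, "amount": 100, "id_pay": "p-0001"}
    tag = sign(msg)
    return [
        server.handle(msg, tag),                          # first delivery
        server.handle(msg, tag),                          # same message sent again
        server.handle(dict(msg, amount=100000), tag),     # altered amount, old tag
        server.handle(dict(msg, id_pay="p-0002"), tag),   # fresh id, old tag
    ]


if __name__ == "__main__":
    print(demo())
```

Because the payment id is inside the signed data, changing it to get past the replay check invalidates the tag, which is why the fourth case fails.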