
How would you generate a key that is only valid for three months?

I am wondering if it is possible to generate a "key" that is valid for a period of (approximately) three months?

For example, let's say (hypothetically) that I generate a key like this (pseudocode):

Key = HASH ( MachineID, Salt );

And the way I verify a key is valid is to check like this:

isValid(Key)
{
   return Key == HASH ( MachineID, Salt )
}

How would you extend this to generate a key like this:

Key = HASH ( MachineID, Salt, LastMonth, ThisMonth, NextMonth );

But still have your isValid work correctly?

One way I can see is:

isValid(Key)
{
   return Key == HASH ( MachineID, Salt, (LastMonth), (ThisMonth), (NextMonth) )
   || Key == HASH ( MachineID, Salt, (LastMonth-1), (LastMonth), (ThisMonth) )
   || Key == HASH ( MachineID, Salt, (ThisMonth), (ThisMonth+1), (ThisMonth+2) )
}

But I would like to know if any better ideas come to mind.


A typical way of doing this is to compose a cleartext message explaining what is needed to reach the key, which is then followed by the secure digest. You would thus return something like

function Key(password, expiry) {
    return "Expires: " + dateformat(expiry) +
           HASH(salt + expiry + password)
}

Note that the returned key contains the expiration date in clear text, but also includes it in the digest so that it cannot be tampered with. As always, it's not necessary to decode the digest, only verify that the same inputs produced the same digest.
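The scheme in the answer above, as an added example that is not part of the original answer: the expiry date travels in clear text and is bound to the machine ID by a keyed digest. It assumes HMAC-SHA256 in place of the plain `HASH(salt + ...)`, and the names `SECRET`, `issue_key` and `is_valid` are hypothetical.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: a secret held only by the issuer, standing in for the page's salt/password.
SECRET = b"constructed-demo-secret"


def _tag(machine_id: str, expiry: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot produce the same input.
    fields = (machine_id.encode(), expiry.encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_key(machine_id: str, today: date, valid_days: int = 90) -> str:
    # The expiry is readable by anyone, but changing it invalidates the tag.
    expiry = (today + timedelta(days=valid_days)).isoformat()
    return f"{expiry}:{_tag(machine_id, expiry)}"


def is_valid(key: str, machine_id: str, today: date) -> bool:
    expiry, sep, tag = key.partition(":")
    if not sep:
        return False
    # Check the digest first, in constant time, before trusting the cleartext date.
    if not hmac.compare_digest(tag.encode(), _tag(machine_id, expiry).encode()):
        return False
    try:
        return today <= date.fromisoformat(expiry)
    except ValueError:
        return False


if __name__ == "__main__":
    key = issue_key("PC-1", date(2010, 5, 28))   # constructed sample input
    print(key, is_valid(key, "PC-1", date(2010, 7, 1)))
```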


One idea is to use a unix timestamp, and then cut it in a number of bits that makes it have a precision of about 3 months.

For example: 1275068416 ( Fri, 28 May 2010 17:40:16 GMT )

is equal to:

010011000 00000000000000000000000

If we save 9 bits of that in the hash, and the 9th bit changes:

010011001 00000000000000000000000

it will be equal to: 1283457024 ( Thu, 02 Sep 2010 19:50:24 GMT )

The difference is: 97 days, 2 hours, 10 minutes, 8 seconds

Which is 7 days more than 3 months.

Let's say the 9th bit changes again (in a forward direction):

010011010 00000000000000000000000

is equal to: 1291845632 ( Wed, 08 Dec 2010 22:00:32 GMT ) which has a difference of: 97 days, 3 hours, 10 minutes, 8 seconds from 1283457024 ( Thu, 02 Sep 2010 19:50:24 GMT ).

So try it out: save the first 9 bits of a strictly 32-bit unix timestamp in the hash, and you will get a validity of three months. Note that the validity is in blocks of three months, so if you generate a key at the end of a three-month period (let's say Tue, 07 Dec 2010 22:00:32 GMT), it will only be valid for a shorter time.
