[Nitro] two way crypt function

Trans transfire at gmail.com
Sat Nov 10 20:24:54 EST 2007



On Nov 10, 5:23 pm, Timothy <interfe... at gmail.com> wrote:
> HMAC is not appropriate for this! HMAC is for authentication over a network,
> not for encryption.

Currently authentication is all George is doing and that's what I was
suggesting it for. Also, HMAC is a part of OpenSSL.

I think if you go so far as to enrypt cookies, you should consider
carefully if you should be using cookies to begin with. Also don't
bother encrypting any cookie that doesn't really need to be. I
couldn't care less if anyone finds out my shoe size ;)

T.



More information about the Nitro-general mailing list