I am trying to create a time limited key to use in one of my applications. The key is used to unlock certain bits of functionality in an application.
My thinking so far is:
to generate: cryptographic hash the various bits of info I need + key generation date
to validate: cryptographic hash the various bits of info I need + date now
if all the info is the same and the date is the same I get the same value
But this means the key will only work on a certain date. What I want is a key that is valid for the next 24 hours (or, extending this, a few days/a week/a month).
I can extend the period but there is always the possibility of generating the key just before the period expires, like the last day of the month for a month key.
Firstly, is this an acceptable way of proceeding at all? If so, how do I do it?
I am aware that "winding" the clock back will defeat the system - but I am still interested in getting some opinions
I have read "How do I generate a time limited key or password without storing data", which is a similar issue.
You can make the expiration date part of the token and authenticate the whole data with an MAC like HMAC:
To validate the token, all you need is to compare the given expiration datum and regenerate the MAC for the provided data with the secret key.
If any of the provided parameters were tampered with, the MAC will be different, as one needs the secret key to generate an authentic MAC.
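
The scheme described in this answer, as an added example that is not part of the original answer: the expiration time travels inside the token and HMAC-SHA256 authenticates it together with the data. The token layout `expiry.base64(info).mac`, the function names and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional


def _mac(secret: bytes, body: bytes) -> bytes:
    # Hex-encoded HMAC-SHA256 tag over the exact bytes that will be sent.
    return hmac.new(secret, body, hashlib.sha256).hexdigest().encode()


def make_token(secret: bytes, info: str, ttl_seconds: int,
               now: Optional[float] = None) -> str:
    """Issue a token valid for ttl_seconds from the moment of generation."""
    issued = time.time() if now is None else now
    expires = int(issued) + ttl_seconds          # absolute expiry, Unix seconds
    data = base64.urlsafe_b64encode(info.encode()).decode()
    body = f"{expires}.{data}"
    return f"{body}.{_mac(secret, body.encode()).decode()}"


def verify_token(secret: bytes, token: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Return the embedded info if the MAC matches and the token is unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    expires_s, data, tag = parts
    body = f"{expires_s}.{data}".encode()
    # Authenticate first, in constant time, before trusting any field.
    if not hmac.compare_digest(_mac(secret, body), tag.encode()):
        return None
    current = time.time() if now is None else now
    if current >= int(expires_s):                # safe: field is authenticated
        return None
    return base64.urlsafe_b64decode(data).decode()


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"          # constructed sample value
    tok = make_token(SECRET, "user=alice;feature=export", 24 * 3600)
    print(tok)
    print(verify_token(SECRET, tok))             # info string while valid
```

Because the expiry is fixed at generation time, the token is valid for the full period regardless of when in the day or month it was issued; verification still relies on the verifier's clock, as the question already notes.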