I think you're heading down the wrong path, my friend. You're doing way more work than you need. Before asking how to implement such a detailed process (which seems more like a patchwork of random phrases from Applied Cryptography), you need to define exactly what you're trying to protect, who you're trying to protect it from, and who your users are. Furthermore, your description sounds like a reinvention of HTTP digest authentication, among other things. Keep in mind that proprietary security solutions are very rarely found to be secure, once tested by experts. Using "some weird CPU's" is not a valid reason for avoiding established algorithms and protocols. Open, established systems for crypto and authentication already exist, and are used every day by people with very strong security requirements. Standards like AES have been pounded, beaten, smashed, and run over by the top crypto experts in the world. I think you're misled in thinking you have to start from scratch. By the way, spell check is your friend. "Authentication" and "cryptography" don't contain F's. At 01:57 AM 4/16/2002, Raymond Paskvyl of Unreal wrote: > I have do make 'server autentification' thingy. For several reasons, >it >have to be made by ourself - _everything_. We can't use any form of any >library (because we will run at some wierd CPU's etc.). ---snip--- Ted Behling, Web Application Developer Monarch Information Systems, Inc. tbehlingat_private
This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 18:06:16 PDT