The salt goes into the encrypted document -- it's just there so that even if you have the MD5 hash of the identifier, you don't know the actual key.
Re: I'm still not quite certain what you're looking at...
Date: 2004-09-24 04:17 pm (UTC)
It's in one of the PKCS documents from RSA; PKCS5, I think.
Actually, it's the client's job to do both the hashing and the encryption -- that way, no plaintext is ever transmitted over the wire. What I'm actually writing is a proxy that does all of the necessary magic on behalf of an ordinary browser running on the same machine, or at least the same LAN.
I can talk about it because it'll all be open source fairly soon; there are no IP protection issues because I found prior art in the public domain, after re-inventing the technique independently.