I am looking for an algorithm to change it’s keys every period and can still be deciphered.
Basically I am looking for a way to maintain a secured link between mobile clients and a stationary server in such a way that even if you intercepted the hash or even the authentication credentials themselves they would change on both sides every period.
Does it ring a bell to anyone?
Is there a better way to ensure that even if you will intercept the authentication credentials somehow it will only be valid to a certain request from a certain user?
I am looking for an algorithm to change it’s keys every period and can
Share
i’d recommend SSL instead of implementing some encryption algorithm yourself (it WILL be broken if the data you are trying to protect is important enough!). SSL is well tested. with SSL you can use certificates instead of logins/passwords. SSL prevents replay and man in the middle attacks (it uses a handshake at the beginning to make sure a new session key is used for every connection and that both parties are who they claim to be).
another interesting thing that comes to mind is RSA’s SecurID. it provides a hardware key that changes every 60 seconds: http://www.rsa.com/node.aspx?id=1156