On 12/22/2004 07:47 PM, Florian Weimer wrote:
>> secret = SHA1(site_secret, session_id)
>>
>>or, in the absence of explicit sessions:
>>
>> secret = SHA1(site_secret, user_id, user_password)
>
> This is a HMAC, and should be implemented as such, see RFC 2104.
On 12/22/2004 07:47 PM, Florian Weimer wrote:
>> secret = SHA1(site_secret, session_id)
>>
>>or, in the absence of explicit sessions:
>>
>> secret = SHA1(site_secret, user_id, user_password)
>
> This is a HMAC, and should be implemented as such, see RFC 2104.
We don't need the full streng...
[ more ]