security through obscurity?
re: email confirmation
goodness! Is that security through obscurity?? Why such long tokens??
It just has to do with how we are producing the digests. In this case, we are producing a base64 encoded token from an SHA1 hex digest string.
Obviously, we could cut that length down from 57 to 27 by actually base64 encoding the binary digest as opposed to the hex string (which is a bug I will fix, by the way).
The thing to know is that our tokens are time-based, and contain user specific as well as system specific salt.
We salt both ways so that we can revoke tokens system-wide (if, for example, we have a security breach) by updating one piece of data, as well as on a per-user basis. User-specific salting also makes it much harder for a hacker who gets hold of our database to extract passwords from our user table: they can't use pre-made rainbow tables or other such trickery to speed up the process.
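An added example (not code from the thread or its author) of the construction the answer describes: base64 of the 40-character hex digest versus base64 of the 20 raw digest bytes, and a time-bucketed token salted with both a system-wide and a per-user value, so that rotating either salt revokes tokens at that scope. HMAC-SHA1, the hour-long bucket and the sample salts are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample salts; a real deployment would generate these with os.urandom.
SYSTEM_SALT = b"system-salt-v1"
USER_SALTS = {"alice": b"alice-salt-v1"}

BUCKET_SECONDS = 3600  # tokens are time-based: one bucket per hour (assumed)


def raw_digest(user: str, user_salt: bytes, system_salt: bytes, bucket: int) -> bytes:
    """SHA1 digest over the user, the time bucket and both salts.

    HMAC keyed with both salts is an assumption here, not necessarily the
    thread's exact concatenation; it keeps the salts acting as a proper key.
    """
    key = system_salt + b"|" + user_salt
    msg = f"{user}:{bucket}".encode()
    return hmac.new(key, msg, hashlib.sha1).digest()


def token_from_hex_digest(user, user_salt, system_salt, bucket) -> str:
    """The variant the answer calls a bug: base64 of the 40-char hex string."""
    hex_digest = raw_digest(user, user_salt, system_salt, bucket).hex().encode()
    return base64.b64encode(hex_digest).decode()


def token_from_binary_digest(user, user_salt, system_salt, bucket) -> str:
    """The fixed variant: base64 of the 20 raw bytes, '=' padding stripped."""
    digest = raw_digest(user, user_salt, system_salt, bucket)
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def verify(user, token, user_salts, system_salt, now=None, grace_buckets=1) -> bool:
    """Accept a token for the current bucket or up to grace_buckets earlier ones.

    Rotating system_salt revokes every outstanding token; replacing one entry
    in user_salts revokes only that user's tokens.
    """
    user_salt = user_salts.get(user)
    if user_salt is None:
        return False
    current = int((now if now is not None else time.time()) // BUCKET_SECONDS)
    for bucket in range(current, current - grace_buckets - 1, -1):
        expected = token_from_binary_digest(user, user_salt, system_salt, bucket)
        if hmac.compare_digest(expected, token):  # constant-time comparison
            return True
    return False
```

The hex-string variant yields 54 base64 characters plus two padding characters; the raw-digest variant yields 27 plus one.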