I'm in the middle of creating an API for our app and wanted to get some feedback on the best way to generate unique APIKEY's for each account. Similar to Basecamp's API keys for example.

md5 hash of username:password? base64 encoding? random string of characters?

Thanks in advance.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I would use a completely random hex code. I would seriously avoid hashing the username & password, that leaves all your users vulnerable to a dictionary attack.

On Fri, Aug 29, 2008 at 10:48 AM, Marston A. <marston-8Qo2DTIsO68RmelmmXo44Q@public.gmane.org> wrote:
>
> I'm in the middle of creating an API for our app and wanted to get
> some feedback on the best way to generate unique APIKEY's for each
> account. Similar to Basecamp's API keys for example.
>
> md5 hash of username:password? base64 encoding? random string of
> characters?
>
> Thanks in advance.

Thanks Joe,

Yeah from what I've seen so far many people use a SHA1 hex code based on Time.now plus some other random numbers.

On Aug 30, 4:24 am, "Joe K" <trogdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I would use a completely random hex code. I would seriously avoid hashing
> the username & password, that leaves all your users vulnerable to a
> dictionary attack.
>
> On Fri, Aug 29, 2008 at 10:48 AM, Marston A. <mars...-8Qo2DTIsO68RmelmmXo44Q@public.gmane.org> wrote:
>
> > I'm in the middle of creating an API for our app and wanted to get
> > some feedback on the best way to generate unique APIKEY's for each
> > account. Similar to Basecamp's API keys for example.
>
> > md5 hash of username:password? base64 encoding? random string of
> > characters?
>
> > Thanks in advance.

On Aug 30, 9:11 am, "Marston A." <mars...-8Qo2DTIsO68RmelmmXo44Q@public.gmane.org> wrote:
> Thanks Joe,
>
> Yeah from what I've seen so far many people use a SHA1 hex code based
> on Time.now plus some other random numbers.

You could have a look at the code rails uses for generating the secrets used for forgery protection (rake secret)

Fred

>
> On Aug 30, 4:24 am, "Joe K" <trogdo...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > I would use a completely random hex code. I would seriously avoid hashing
> > the username & password, that leaves all your users vulnerable to a
> > dictionary attack.
>
> > On Fri, Aug 29, 2008 at 10:48 AM, Marston A. <mars...-8Qo2DTIsO68RmelmmXo44Q@public.gmane.org> wrote:
>
> > > I'm in the middle of creating an API for our app and wanted to get
> > > some feedback on the best way to generate unique APIKEY's for each
> > > account. Similar to Basecamp's API keys for example.
>
> > > md5 hash of username:password? base64 encoding? random string of
> > > characters?
>
> > > Thanks in advance.

You could use UUIDs.

http://blog.labnotes.org/2005/10/18/ruby-uuid-generator/
http://en.wikipedia.org/wiki/UUID

On Aug 29, 10:48 am, "Marston A." <mars...-8Qo2DTIsO68RmelmmXo44Q@public.gmane.org> wrote:
> I'm in the middle of creating an API for our app and wanted to get
> some feedback on the best way to generate unique APIKEY's for each
> account. Similar to Basecamp's API keys for example.
>
> md5 hash of username:password? base64 encoding? random string of
> characters?
>
> Thanks in advance.

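Added example, not code from any poster in this thread: the "completely random hex code" approach using Ruby's standard-library SecureRandom, set beside the md5(username:password) derivation the first reply warns against. `ApiKeyStore`, `derived_key`, the 32-byte key size and the digest-only storage are assumptions of this sketch; the in-memory hash stands in for a database table.

```ruby
require "securerandom"
require "digest"

# The pattern the thread warns against: the key is a pure function of the
# credentials, so it never changes unless the password does, and anyone who
# sees the key can test password guesses against it offline.
def derived_key(username, password)
  Digest::MD5.hexdigest("#{username}:#{password}")
end

# Hypothetical in-memory store standing in for an api_keys table.
class ApiKeyStore
  KEY_BYTES = 32 # 256 bits from the operating system CSPRNG

  def initialize
    @account_by_digest = {} # SHA-256(key) => account id
  end

  # Issue or rotate a key. The plaintext is returned once to the caller;
  # only its digest is kept, so a leaked table does not leak usable keys.
  def issue(account_id)
    @account_by_digest.delete_if { |_digest, id| id == account_id }
    key = SecureRandom.hex(KEY_BYTES)
    @account_by_digest[Digest::SHA256.hexdigest(key)] = account_id
    key
  end

  # Return the owning account id, or nil for malformed or unknown keys.
  def authenticate(presented)
    return nil unless presented.is_a?(String) && presented.match?(/\A\h{64}\z/)
    @account_by_digest[Digest::SHA256.hexdigest(presented.downcase)]
  end
end
```

Because the key is independent of the password, it can be revoked or rotated by calling `issue` again without touching the account's credentials.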