A quick link in my chain tonight as I try to get session IDs MD5 encoded in my (fab) game. Fab.js proper does not have any crypto support, so I need to drop down to node.js.
Happily node.js has a well documented crypto module (then again, everything in node.js is well documented). If I have
var data="asdf", I can md5 sign it with:var data = "asdf";In my (fab) game, I want to set a new, signed session ID if one is not already present:
var crypto = require('crypto');
crypto.createHash('md5').update(data).digest("hex");
// '912ec803b2ce49e4a541068d495ab570'
function player_from_querystring() {
var out = this;
return function(head) {
if (head && head.url && head.url.search) {
var uniq_id;
if (/MYFABID=(\w+)/.test(head.headers.cookie)) {
uniq_id = RegExp.$1;
}
else {
var crypto = require('crypto');
uniq_id = crypto.
createHash('md5').
update("" + (new Date()).getTime()).
digest("hex");
}
// Other player setup...
}
else {
out();
}
};
}There is no need for salt or SHA-1. This is a kid's game. I am simply taking reasonable steps to ensure uniq session IDs. If my kids can break this, more power to them.That gives my nice md5 session IDs:
Actually, I have no need for
crypto anywhere else, so I can compress that to:That will have to suffice as a good stopping point for tonight. Up tomorrow, possibly some more refactoring under test.
uniq_id = require('crypto').
createHash('md5').
update("" + (new Date()).getTime()).
digest("hex");
Day #149
Thanks for the md5 hashing code, was trying to get some extra module working until I thought of the crypto module and your example helper.
ReplyDeleteCheers
merci bc
ReplyDelete