OKStream: Behind the Curtain
An aggregated blog of everyone in the office

Why do we use SHA1 hash for widget security

April 28, 2008 10:51 by ChrisD

There have been quite a few inquiries already about the security model of the widget factory and whether there is a way to remove the need for hash generation from the algorithm. After taking another look at the security model and sampling what else is out there for embeddable module security, I am still convinced that the SHA1 hash algorithm provides the most benefits without putting too much integration burden on the developer:

  1. This algorithm is already widely used by many service providers for one-way integration with their systems;
  2. The security of the model is adequate. Breaking the hash is not impossible, but it's highly improbable. And even if the hash got broken, all you need to do is update your Preshared Key (PSK) to neutralize the effect;
  3. The amount of effort required on the integrator's side is minimal. Since the developer already has access to all the parameters that comprise the source string of the hash, there is no extra work that is really needed;
  4. SHA1 libraries are available off-the-shelf for most popular development platforms, including .NET, Java, PHP, Perl, Python, etc.;
  5. Hey, we like our implementation, isn't this a good enough reason?

Feel free to comment on the implementation or suggest alternatives - we are always open to new ideas. In the meantime: happy coding!
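
The model in points 2 and 3, as an added example that is not OKStream's own code: the integrator hashes the request parameters together with the PSK, and the provider recomputes and compares, so rotating the PSK invalidates every hash issued under the old key. The field layout, parameter names and key values are assumptions constructed for illustration, and an HMAC-SHA1 variant is included for comparison.

```python
import hashlib
import hmac

# Assumed layout, not OKStream's documented format: "name=value" pairs sorted
# by name and joined with "|". All names and values below are constructed.
def canonical(params: dict) -> str:
    return "|".join(f"{k}={params[k]}" for k in sorted(params))

def widget_hash(params: dict, psk: str) -> str:
    """Integrator side: SHA1 over the parameters followed by the PSK."""
    return hashlib.sha1(f"{canonical(params)}|{psk}".encode("utf-8")).hexdigest()

def widget_hmac(params: dict, psk: str) -> str:
    """Same inputs, keyed with HMAC-SHA1 instead of plain concatenation."""
    return hmac.new(psk.encode("utf-8"), canonical(params).encode("utf-8"),
                    hashlib.sha1).hexdigest()

def verify(params: dict, presented: str, psk: str, scheme=widget_hash) -> bool:
    """Provider side: recompute from the received parameters and compare in
    constant time, as bytes so a malformed token is rejected, not raised on."""
    expected = scheme(params, psk).encode("ascii")
    return hmac.compare_digest(expected, presented.strip().lower().encode("utf-8"))

def demo() -> dict:
    params = {"widget_id": "42", "user": "alice", "ts": "1209379860"}
    old_psk, new_psk = "example-psk-old", "example-psk-new"
    token = widget_hash(params, old_psk)
    return {
        "valid": verify(params, token, old_psk),
        "tampered": verify({**params, "user": "mallory"}, token, old_psk),
        "after_rotation": verify(params, token, new_psk),
        "hmac_valid": verify(params, widget_hmac(params, old_psk), old_psk, widget_hmac),
        "malformed": verify(params, "né-pas-hex", old_psk),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```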


Comments

April 30. 2008 18:25

You might consider OAUTH which is becoming quite popular among authentication routines. While it still only offers HMAC-SHA1, Plain Text and RSA-SHA1, at least you could say: "Hey it's OAuth, which is used by people like Myspace.com... etc"

Just my .02 about the complacent people that don't want to take the extra time.

JoeDeveloper
