Hacker News new | comments | ask | show | jobs | submit login

If you don't trust your random numbers to begin with, signing one with another doesn't help you. As Vendan points out, it's worse. Just keep it simple.

    > to prevent someone from trying to brute force ID generation
That's the point of using a large securely-random number.

It's beautifully simple to give the client nothing more than a large random number to authenticate them.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact