
If you don't trust your random numbers to begin with, signing one with another doesn't help you. As Vendan points out, it's worse. Just keep it simple.

    > to prevent someone from trying to brute force ID generation
That's the point of using a large securely-random number.

It's beautifully simple to give the client nothing more than a large random number to authenticate them.
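An added example, not part of the comment above: a minimal server-side session table in which the client holds only an opaque random ID and nothing is signed. The 256-bit token size, the `SessionStore` name, the expiry handling and the choice to store a SHA-256 digest rather than the token itself are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32  # assumed size: 256 bits from the OS CSPRNG


class SessionStore:
    """Server-side table keyed by a digest of the opaque random session ID."""

    def __init__(self, ttl_seconds=3600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _key(token):
        # Keep only a digest so a leaked table does not expose live tokens.
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def issue(self, user):
        # The token carries no data and no signature; all state stays server-side.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[self._key(token)] = (user, self._clock() + self._ttl)
        return token

    def lookup(self, token):
        """Return the user bound to a live token, or None."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[key]  # expired: drop it so it cannot be reused
            return None
        return user

    def revoke(self, token):
        # Logout is a single delete; there is no signed state left to invalidate.
        self._sessions.pop(self._key(token), None)
```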



