I have a JS File delivered over HTTPS and a randomly generated shared secret (which will expire after a while and be renewed via HTTPS) delivered via HTTPS. Both available on Side A and B of the communication.
Now i need to send messages from A to B over an HTTP channel (possibly unprotected WiFi) and those need to be replay-safe, so i need to sign them using a challenge and the shared secret.
Since i only have to exchange short messages (commands) i would even accept the overhead of salted challenge response.
The shared Secret might not be renewed for maybe a day, so i don't want it to be to easy to crack using rainbow tables and such.
Now what existing lib/algo should i use to approach this? I do know i shouldn't "bake my own crypto" and hope that there are existing libraries, safe enough to use.
Aucun commentaire:
Enregistrer un commentaire