I'm in the middle of creating an API for our app and wanted to get some feedback on the best way to generate unique APIKEY's for each account. Similar to Basecamp's API keys for example.
md5 hash of username:password? base64 encoding? random string of characters?
Thanks in advance.
I would use a completely random hex code. I would seriously avoid hashing the username & password, that leaves all your users vunerable to a dictionary attack.
Thanks Joe,
Yeah from what I've seen so far many people use a SHA1 hex code based on Time.now plus some other random numbers.
Thanks Joe,
Yeah from what I've seen so far many people use a SHA1 hex code based on Time.now plus some other random numbers.
You could have a look at the code rails uses for generating the secrets used for forgery protection (rake secret)
Fred
You could use UUIDs.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks