What's better? Creating and sending the auth keys as a dynamic key, meaning they get passed like this:
(At Client)
- Authkey is created and passed to server.
(At Server)
- Server implements a Mersenne twister and passes the seed back to the client (store this with PGP encryption in the client's FSystem)
- Server verifies validity of the key and passes a FAIL or SUCCESS flag back to the client
(At Client)
- Receive flag and decrypt seed and decrypt the Authkey returned back to the client from the server.
Or as a static key, meaning they get passed like this:
(At Client)
- Authkey is created and passed to server (send using PGP-512 encryption), pass the seed alongside.
(At Server)
- Server decrypts the Authkey, validates, sends back to client with state flag.
(At Client)
- Client stores shared Authkey from server in FSystem and continues operating as normal.
_~_~_~_~_~_~__~
I don't know what's going to be easier. Obviously, with the static generation we get better performance but sacrifice more security. And of course, it goes the other way around with dynamic generation.
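The two flows compared above, modelled side by side as an added example that is not code from this issue or its project. It assumes the Authkey is derived from the seeded Mersenne Twister on both sides and rotates after each successful check in the dynamic flow; the PGP transport is left out, and `Server`, `next_key`, `run_sessions` and the 32-byte key length are hypothetical.

```python
import hmac
import random
import secrets

KEY_BYTES = 32  # assumed key length; the issue does not give one


def next_key(mt: random.Random) -> bytes:
    """Draw the next Authkey from the twister (random.Random is MT19937)."""
    return mt.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


class Server:
    """Hypothetical server covering both flows from the issue."""

    def __init__(self, dynamic: bool):
        self.dynamic = dynamic
        # The seed comes from the OS CSPRNG; the twister only expands it.
        self.seed = secrets.randbits(128)
        self._mt = random.Random(self.seed)
        self._expected = next_key(self._mt)

    def verify(self, authkey: bytes) -> str:
        ok = hmac.compare_digest(authkey, self._expected)
        if ok and self.dynamic:
            self._expected = next_key(self._mt)  # rotate after each success
        return "SUCCESS" if ok else "FAIL"


def run_sessions(dynamic: bool, sessions: int = 3) -> dict:
    server = Server(dynamic)
    # Client side: the decrypted seed reproduces the server's key sequence.
    client_mt = random.Random(server.seed)
    key = next_key(client_mt)
    first_key, flags = key, []
    for _ in range(sessions):
        flags.append(server.verify(key))
        if dynamic:
            key = next_key(client_mt)
    # Present the first session's key once more after the sessions are over.
    return {"flags": flags, "old_key": server.verify(first_key)}


if __name__ == "__main__":
    print("dynamic:", run_sessions(dynamic=True))
    print("static: ", run_sessions(dynamic=False))
```

In the dynamic flow the seed reproduces every later key, so it needs the same protection as the key itself, which is what storing it encrypted on the client provides.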