Versions Compared

Old Version 2

changes.mady.by.user Johan Wendelstam

Saved on

compared with

New Version 3

changes.mady.by.user Johan Wendelstam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

Since the signature is based on the full URL (step 8) it is salted and the minimum length of the secret is always a machine generated unique 15  character string (32 in the latest version of Meridix), MD5 can be used as the default hash algorithm.

Example:
Using a hash breaking setup that could generate 3 000 000 000 000 MD5 hashes per seconds it would take 2401906 years 29 days 19 hours 12 minutes and 4 seconds
(2.2739031742704e+23 password combinations) to try all possible secret combinations for 15 lower alpha numeric characters.

Using a hash breaking setup that could generate 3 000 000 000 000 MD5 hashes per seconds it would take 6.881744347665362e+29 years 67 days 8 hours 0 minutes and 44 seconds
(6.515000913905823e+49 password combinations) to try all possible secret combinations for 32 lower alpha numeric characters.

Source: http://calc.opensecurityresearch.com/

Note that all user defined passwords etc. is are not stored as MD5 hashes.


Note

A signed request (Signature) can only be used one time, when it has been used it can not be executed again and in that case the server will return a 403 Forbidden HTTP response. The request must also be sent to the server within ten minutes from that the signing was been made (based on the UTC Timestamp in the request).

...