Creating a secure webauth system: Part 1 — HMAC
This is the first in an n-part series about web authentication for a system where user identification and attribution is important, but content protection is not. This entry assumes that a secure method has been used to negotiate a shared secret — as the result of username / password authentication over https, for example.
Obviously […]