
HOW TO CREATE TOKENS MWITU 2023



The information provided on this website is for educational and informational purposes only. It is not intended to be a substitute for professional advice or guidance. Any reliance you place on such information is therefore strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website. Through this website, you are able to link to other websites which are not under the control of www.sydertech.com. We have no control over the nature, content, and availability of those sites.


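 // Token built from a random UUID, the user id and the creation time in milliseconds
 Calendar cal = Calendar.getInstance(); // java.util.Calendar
 String token = UUID.randomUUID().toString().toUpperCase() // java.util.UUID
             + "|" + "userid" + "|"
             + cal.getTimeInMillis();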

// Requires java.security.SecureRandom and java.util.Base64
private static final SecureRandom secureRandom = new SecureRandom(); // thread-safe
private static final Base64.Encoder base64Encoder = Base64.getUrlEncoder(); // thread-safe

public static String generateNewToken() {
    byte[] randomBytes = new byte[24]; // 24 bytes = 192 bits of randomness
    secureRandom.nextBytes(randomBytes);
    return base64Encoder.encodeToString(randomBytes);
}

Example output:

wrYl_zl_8dLXaZul7GcfpqmDqr7jEnli
7or_zct_ETxJnOa4ddaEzftNXbuvNSB-
CkZss7TdsTVHRHfqBMq_HqQUxBGCTgWj
8loHzi27gJTO1xTqTd9SkJGYP8rYlNQn

The code above generates a random 32-character string in URL-safe Base64 encoding. In Base64, every character encodes 6 bits of data, so the 24 bytes in the example above yield 32 characters. You can change the length of the output string by changing the number of random bytes. This solution is more secure than a UUID (which uses only 16 random bytes) and generates a string that can safely be used in HTTP URLs.

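SecureRandom random = new SecureRandom();
byte[] bytes = new byte[20];
random.nextBytes(bytes);
// bytes.toString() would return the array's identity string, not the random data,
// so the bytes are encoded explicitly (java.util.Base64).
String token = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);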

On the server side, the keys used for 3DES encoding can be rotated over time, as can the token. Every request contains the token for authentication, and every response contains the same token or a new one before the expiration.

In that case the token contains the user name, so on request authentication the server only has to check whether the 3DES-encoded part is valid or not (same as the , the source of request ip is same. In this case, if somebody steals the token, its usability is more limited than that of a session ID. You can add other identifiers to the token, such as the browser. Requests are harder to fake because the attacker has to fake more things that are unknown to him, since he doesn't know what is in the encoded part of the token. (As a matter of fact, there is no perfect security; you can only make it harder to crack.)

The pros of this solution are:

  • Every piece is standard, but the combination is not, and the attacker has to know the implementation details to be able to attack.
  • The client side can use parts of the token to display information, while the token itself is secured because every unencrypted part is also contained in the encrypted part. It therefore cannot be modified without invalidating the token on the server side, which makes an attack easy to detect.
  • There is no need for session replication or sticky sessions for clustering. Replicating the 3DES keys between nodes is enough, so it suits a stateless backend strategy.

The cons are:

  • Harder to implement on the server side, because the token generation / validation algorithm has to be implemented there. A server filter is recommended for that.

  • The clients have to implement token storage. Browser session storage is recommended instead of cookies, because cookies are easier to steal.

  • The 3DES keys have to be secured well enough. Using Java security is recommended to avoid compromise.
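
An added sketch of the stateless token scheme described above (example code, not the original post's implementation). The token layout keyId.claims.tag and the names StatelessToken, KEYS, issue and verify are assumptions, and HMAC-SHA256 is used in place of 3DES for the protected part, because the property the scheme relies on is that the client-readable fields cannot be changed without the server noticing.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class StatelessToken {
    // Hypothetical key ring (key id -> secret): the only state cluster nodes must share.
    static final Map<String, byte[]> KEYS = new ConcurrentHashMap<>();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static String tag(String keyId, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEYS.get(keyId), "HmacSHA256"));
        return ENC.encodeToString(mac.doFinal(body.getBytes(UTF_8)));
    }

    // Assumed layout: keyId.base64url(user|ip|expiryMillis).base64url(tag)
    static String issue(String keyId, String user, String ip, long expiry) throws Exception {
        String body = keyId + "." + ENC.encodeToString((user + "|" + ip + "|" + expiry).getBytes(UTF_8));
        return body + "." + tag(keyId, body);
    }

    // Returns the user name, or null if altered, expired, from another IP, or key rotated out.
    static String verify(String token, String requestIp, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3 || !KEYS.containsKey(p[0])) return null;
        byte[] expected = tag(p[0], p[0] + "." + p[1]).getBytes(UTF_8);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(UTF_8))) return null;
        // Claims are decoded only after the tag check, so they are known to be server-issued.
        String[] c = new String(Base64.getUrlDecoder().decode(p[1]), UTF_8).split("\\|");
        if (c.length != 3 || !c[1].equals(requestIp) || Long.parseLong(c[2]) < now) return null;
        return c[0];
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        KEYS.put("k1", key);
        long now = System.currentTimeMillis();
        String t = issue("k1", "alice", "203.0.113.7", now + 60_000); // constructed sample values
        System.out.println(verify(t, "203.0.113.7", now));            // same IP, before expiry
        System.out.println(verify(t, "198.51.100.9", now));           // token presented from another IP
        KEYS.remove("k1");                                            // key rotated out of the ring
        System.out.println(verify(t, "203.0.113.7", now));
    }
}
```

The claims segment is only encoded, not encrypted, so the client can read the user name from it; anything that must stay hidden from the client does not belong in that segment.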

You can now deploy the Java script and redeem your preferred tokens.
