REST authentication: S3-like HMAC-SHA1 signature vs symmetric data encryption

Posted by coulix on Stack Overflow
Published on 2010-05-28T22:57:09Z Indexed on 2010/05/28 23:02 UTC


Hello stackers,

I was arguing about an S3-like approach using an authorization hash with a secret key as the seed and some data on the request as the message, signed with HMAC-SHA1 (the Amazon S3 way), vs. another developer supporting symmetric encryption of the data with a secret key known by the emitter and the server.

What are the advantages of using signed data with HMAC-SHA1 vs. a symmetric key, other than the fact that with the former we do not need to encrypt the username or password?

What would be the hardest to break: symmetric encryption or SHA-1 hashing à la S3?

If all the big players are using OAuth and similar without a symmetric key, it is sure that there are obvious advantages; what are those?

© Stack Overflow or respective owner
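
The signed-request approach the question describes, as an added example that is not part of the original post: the client sends a key id and an HMAC-SHA1 signature over the request, never the secret itself, and the server recomputes the signature from its own copy. The canonical string layout, key id, secret, and 300-second freshness window are assumptions made for illustration, not Amazon's exact format.

```python
import base64
import hashlib
import hmac

# Constructed sample data: the key id and secret are made up for this example.
SECRETS = {"AKIDEXAMPLE": b"constructed-shared-secret"}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def string_to_sign(method, path, date, body):
    """Canonical request string (assumed layout, not Amazon's exact one)."""
    body_hash = hashlib.sha1(body).hexdigest()
    return "\n".join([method.upper(), path, date, body_hash]).encode()


def sign(secret, method, path, date, body=b""):
    """Client side: HMAC-SHA1 over the canonical request, base64-encoded."""
    msg = string_to_sign(method, path, date, body)
    return base64.b64encode(hmac.new(secret, msg, hashlib.sha1).digest()).decode()


def verify(key_id, signature, method, path, date, body, now):
    """Server side: recompute the MAC from the stored secret and compare."""
    secret = SECRETS.get(key_id)
    if secret is None:
        return False
    try:
        sent_at = int(date)  # date is carried as epoch seconds in this example
    except ValueError:
        return False
    if abs(now - sent_at) > MAX_SKEW:  # stale request, possibly a replay
        return False
    expected = sign(secret, method, path, date, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    date = "1275087429"
    sig = sign(SECRETS["AKIDEXAMPLE"], "PUT", "/docs/1", date, b"hello")
    print("valid:   ", verify("AKIDEXAMPLE", sig, "PUT", "/docs/1", date, b"hello", 1275087500))
    print("tampered:", verify("AKIDEXAMPLE", sig, "PUT", "/docs/1", date, b"hellO", 1275087500))
```

The signature authenticates the caller and protects the signed fields from modification, but the request body still travels in the clear unless the transport (TLS) encrypts it.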
