Best way to generate an API key?

I’m in the middle of creating an API for our app and wanted to get
some feedback on the best way to generate unique APIKEYs for each
account. Similar to Basecamp’s API keys for example.

md5 hash of username:password? base64 encoding? random string of
characters?

Thanks in advance.

I would use a completely random hex code. I would seriously avoid
hashing the username & password, that leaves all your users vulnerable
to a dictionary attack.
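
The random hex key suggested above, next to the username:password hash from the question for contrast; this is an added example, not code from the thread or from Rails. It goes one step beyond the thread by storing only a SHA-256 digest of the key and comparing in constant time; the `ApiKey` module and its method names are hypothetical.

```ruby
require "securerandom"
require "digest"

# Hypothetical module and method names, added for illustration.
module ApiKey
  KEY_BYTES = 32 # 256 bits from the OS CSPRNG via SecureRandom

  # Approach from the question, kept only for contrast: the key is a pure
  # function of the credentials, so it can be recomputed by anyone who guesses
  # them and cannot be rotated without changing the password.
  def self.derived(username, password)
    Digest::MD5.hexdigest("#{username}:#{password}")
  end

  # Returns [plaintext_key, stored_digest]. Hand the plaintext to the account
  # owner once; persist only the digest.
  def self.generate
    key = SecureRandom.hex(KEY_BYTES)
    [key, digest(key)]
  end

  def self.digest(key)
    Digest::SHA256.hexdigest(key)
  end

  # Compare in constant time so response timing does not reveal how many
  # leading characters matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def self.valid?(presented, stored_digest)
    secure_compare(digest(presented.to_s), stored_digest)
  end
end

if __FILE__ == $PROGRAM_NAME
  key, stored = ApiKey.generate
  puts "issue to user: #{key}"
  puts "store in DB:   #{stored}"
  puts "valid?         #{ApiKey.valid?(key, stored)}"
end
```
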

Thanks Joe,

Yeah from what I’ve seen so far many people use a SHA1 hex code based
on Time.now plus some other random numbers.

On Aug 30, 9:11 am, “Marston A.” [email protected] wrote:

Thanks Joe,

Yeah from what I’ve seen so far many people use a SHA1 hex code based
on Time.now plus some other random numbers.

You could have a look at the code Rails uses for generating the
secrets used for forgery protection (rake secret).

Fred

You could use UUIDs.

http://blog.labnotes.org/2005/10/18/ruby-uuid-generator/