Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well the idea with the date/timestamp was that it would only be valid for X minutes, but if you are afraid that in the 10 minutes window it can be used multiple places you can add some salt to the process. PH pops up a page showing "Your secret word is: hamburgers. Provide access code below:". Age-verifier webpage asks for the secret word, and will create a json with "secret: hamburgers, claims: over_a18, date:2026..." and sign it with its private key, and this will be the code (encoded as a number). PH will verify that the code contains the secret "hamburgers", the claim and that its fresh enough (although this step is maybe not needed since it had the valid one-time secret).


Right, yeah I like that idea. I think that would actually work correctly and safely. Disregard my other comment on this :-)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: