I need to encrypt some parameters of the url, such as email and client code, and determine the valid time for the forwarded link.
I mirrored on Facebook, Google and Twitter using this methodology to ensure the security of the url.
What would be the best encryption, MD5, SHA1, base64 in that specific case? What is the best way to determine the valid time for the link?
MD5 and SHA1 are algorithms of HASH , they are not encryption. When you encrypt something, you probably need to decrypt in the future. HASH algorithms are one-way and it is not possible to get the original text from a HASH with common methods (yes brute force could solve but we know it is not computationally feasible). Base64 strong> is simply a different encoding. We took a text, we changed the coding of it, but it's still the same information.
According to what you proposed, HASH would prevent a person from discovering the password in an easy way, but would still expose their HASH which is in fact what the system will use to authenticate. Even if you do not pass this on the URL it is very simple to get the contents of a request. But what's the solution then?
When the server uses secure protocols for data transmission, it actually implements encryption in the traffic data. We usually access websites using HTTP or HTTPS protocols. HTTP does not provide security, since HTTPS adds a layer of protection through SSL / TLS, so incoming and outgoing data is encrypted and only the client and the server can understand the information.
