Question
I have a php script that generates a QR Code. This code will be read from a PhoneGap app in JavaScript. This works fine so far but I would like to secure the QR Code so none else can generate other valid codes.
My first thought was to add a hash of the data in the QR Code. but common hash functions are not very secure. For good hash functions I did not find a implementation for JavaScript. Second thought was to use public/private key encryption but here again is JavaScript a problem.
Another huge problem is that the QR Code should be simple. A long encryption will make the small QR Code unreadable.
What would be a good approach to secure a QR Code?
Solution
Add a hash using a shared secret to your ID like this:
https://stackoverflow.com/questions/21433454
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$qrcontent = $id . md5($id . $secret);
So to create a new $qrcontent one needs to know the $secret. There are some simple hashes like crc32 so you don't need a fully implemented javascript md5 function for example. You can define how long / secure your hash should be.
