11#lang scribble/doc
2- @(require "web-server.rkt " )
2+ @(require "web-server.rkt "
3+ (for-label racket/random
4+ ))
35
46@title[#:tag "http " ]{HTTP: Hypertext Transfer Protocol}
57
@@ -329,7 +331,7 @@ is fully controlled by the user, and thus cannot be trusted.
329331This module provides functions for creating and verifying
330332authenticated cookies that are intrinsically timestamped. It is based
331333on the algorithm proposed by the
332- @link["http ://cookies.lcs .mit.edu/ ]{MIT Cookie Eaters}: if you store
334+ @link["https ://pdos.csail .mit.edu/archive/cookies / ]{MIT Cookie Eaters}: if you store
333335the data @racket[_data] at thime @racket[_authored-seconds], then the
334336user will receive @litchar{digest&authored-seconds&data}, where
335337@racket[_digest] is an HMAC-SHA1 digest of @racket[_authored-seconds]
@@ -343,8 +345,8 @@ to generate this is by using random bytes from something like OpenSSL
343345or
344346@tt{/dev/random}. @link["http://www.madboa.com/geek/openssl/#random-generate " ]{This
345347FAQ} lists a few options. A convenient purely Racket-based option is
346- available (@racket[make-secret-salt/file]), but it will not have as
347- good entropy, if you care about that sort of thing .
348+ available (@racket[make-secret-salt/file]),
349+ which is implemented using @racket[crypto-random-bytes] .
348350
349351 @defproc[(make-id-cookie
350352 [name cookie-name?]
0 commit comments