Dave Hannum wrote:

> Just FYI - it's a fact.  Munging the credit card numbers is harder to crack
> than encryption.
> For example.  You have a key.  You add a documented value to the first set
> of four numbers and add another number to the second set of four numbers.
> (dummy cc number here)
> 
> Visa  4563 2784 9001 2483
> 
> Add Key 1 = 4321
> Add Key 2 = 9876
> 
> Store number as 8884 12660 9001 2483
> 
> Without the keys, this number is impossible to crack.
> 
> You store your key.  Then, when you want to process again, you subtract the
> numbers you added in and you have a valid credit card number.   As long as
> that key is not web accessible, you're secure.  VERY secure.  And much
> cheaper than PGP.

Except when I know a cc somewhere in the database. Just trying them all 
with a MOD 10 algorithm can probably be done at a rate greater than 1000 
keys per second. For a 100000 cc database this is a guaranteed crack in 
100 seconds.

Munged CCs in hacked database:
8884 12660 9001 2483
4568 13131 5465 5466
7897 8798 4823 9312

Hacker's CC he knows is somewhere in database:
4563 2784 9001 2483

How long would it take to get the Key 1 and Key 2?

NEVER do this, it is stupid because anyone can crack it. You don't even 
need to do all the math because you know that CCs start with special 
numbers (like 4 for Visa, 37 for AmEx etc. (these numbers are fictional, 
but actual numbers are well known)).

Jochem
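
The known-card recovery described in the reply above, as an added example that is not part of the original thread: one known number plus a MOD 10 (Luhn) check over the remaining rows yields both keys. The function names are hypothetical, and the two card numbers other than the thread's dummy Visa are constructed sample values (commonly published test numbers).

```python
# Added illustration of why additive "munging" fails under a known card number.
KEY1, KEY2 = 4321, 9876            # keys from the quoted example

def munge(card, k1=KEY1, k2=KEY2):
    """Quoted scheme: add k1 to group 1, k2 to group 2, leave groups 3-4 as is."""
    g = [int(x) for x in card.split()]
    return (g[0] + k1, g[1] + k2, g[2], g[3])

def unmunge(row, k1, k2):
    """Subtract the keys; None if a group falls outside 0000-9999."""
    g = (row[0] - k1, row[1] - k2, row[2], row[3])
    if any(not 0 <= x <= 9999 for x in g):
        return None
    return "".join(f"{x:04d}" for x in g)

def luhn_ok(number):
    """MOD 10 (Luhn) check over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:             # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def recover_keys(known_card, rows):
    """Pair the known card with each stored row, derive the key pair by
    subtraction, and keep only pairs under which every other row decodes
    to a MOD 10-valid 16-digit number."""
    k = [int(x) for x in known_card.split()]
    hits = []
    for i, row in enumerate(rows):
        k1, k2 = row[0] - k[0], row[1] - k[1]
        others = [unmunge(r, k1, k2) for j, r in enumerate(rows) if j != i]
        if all(n is not None and luhn_ok(n) for n in others):
            hits.append((k1, k2))
    return hits

KNOWN = "4563 2784 9001 2483"      # dummy number from the thread (not MOD 10 valid)
# Constructed table: the known card plus two constructed sample numbers.
ROWS = [munge(c) for c in (KNOWN, "4111 1111 1111 1111", "5555 5555 5555 4444")]

if __name__ == "__main__":
    print(ROWS[0])                 # stored form of the known card
    print(recover_keys(KNOWN, ROWS))
```

The work is one subtraction and a handful of MOD 10 checks per stored row, so the cost grows linearly with table size, and the last two groups of every card are stored unchanged throughout.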