Except that if you generate a different key for each one, then your crack
does not work.

Dave



----- Original Message -----
From: "Jochem van Dieten" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 12:31 PM
Subject: Re: Storing Credit Cards


> Dave Hannum wrote:
>
> > Just FYI - it's a fact.  Munging the credit card numbers is harder to
> > crack than encryption.
> > For example.  You have a key.  You add a documented value to the first
> > set of four numbers and add another number to the second set of four
> > numbers.
> > (dummy cc number here)
> >
> > Visa  4563 2784 9001 2483
> >
> > Add Key 1 = 4321
> > Add Key 2 = 9876
> >
> > Store number as 8884 12660 9001 2483
> >
> > Without the keys, this number is impossible to crack.
> >
> > You store your key.  Then, when you want to process again, you subtract
> > the numbers you added in and you have a valid credit card number.   As
> > long as that key is not web accessible, you're secure.  VERY secure.
> > And much cheaper than PGP.
>
> Except when I know a cc somewhere in the database. Just trying them all
> with a MOD 10 algorithm can probably be done at a rate greater than 1000
> keys per second. For a 100000 cc database this is a guaranteed crack in
> 100 seconds.
>
> Munged CCs in hacked database:
> 8884 12660 9001 2483
> 4568 13131 5465 5466
> 7897 8798 4823 9312
>
> Hacker's CC he knows is somewhere in database:
> 4563 2784 9001 2483
>
> How long would it take to get the Key 1 and Key 2?
>
> NEVER do this, it is stupid because anyone can crack it. You don't even
> need to do all the math because you know that CCs start with special
> numbers (like 4 for Visa, 37 for AmEx etc. (these numbers are fictional,
> but actual numbers are well known)).
>
> Jochem
> 
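The two positions in this thread, worked through as an added example that is not part of either poster's message: the additive scheme with one shared key pair, and the same scheme with a different key pair per record. The per-record key values, the two extra dummy card numbers and all function names are assumptions made for the illustration.

```python
# Added illustration, not code from the thread. Card numbers are dummy values:
# the first is the thread's example, the other two are constructed test numbers.
CARDS = ["4563 2784 9001 2483", "4111 1111 1111 1111", "4012 8888 8888 1881"]

def munge(card, k1, k2):
    """Thread's scheme: add k1 to group 1 and k2 to group 2; groups 3-4 are stored unchanged."""
    g = [int(x) for x in card.split()]
    return [g[0] + k1, g[1] + k2, g[2], g[3]]

def unmunge(row, k1, k2):
    """Reverse the scheme by subtracting the two keys."""
    return "%04d %04d %04d %04d" % (row[0] - k1, row[1] - k2, row[2], row[3])

def luhn_ok(card):
    """MOD 10 (Luhn) check over the digits of a card number."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(card) if c.isdigit()):
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def recover_keys(known_card, table):
    """Known-plaintext check: match on the unmunged last two groups, then subtract."""
    k = [int(x) for x in known_card.split()]
    for row in table:
        if row[2:] == k[2:]:
            return row[0] - k[0], row[1] - k[1]
    return None

def demo():
    shared = [munge(c, 4321, 9876) for c in CARDS]             # keys from the thread
    per_row_keys = [(4321, 9876), (1234, 5678), (2468, 1357)]  # constructed values
    per_row = [munge(c, *k) for c, k in zip(CARDS, per_row_keys)]
    decoded = {}
    for name, table in (("shared", shared), ("per_row", per_row)):
        k1, k2 = recover_keys(CARDS[0], table)   # one card known to be in the table
        decoded[name] = [unmunge(r, k1, k2) for r in table]
    return shared, decoded

if __name__ == "__main__":
    shared, decoded = demo()
    print("stored:", shared[0])
    for name, rows in decoded.items():
        print(name, [(r, luhn_ok(r)) for r in rows])
```

With a shared key pair, the keys taken from the one known row decode every other row; with per-record keys they decode only that row, although the last eight digits of every card are still stored unmodified in both cases.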