Hi all,
i have interesting problem:
+ We have some Personal Number (PN).
+ PN is primary key in database (DB) of important data. ("bad customer")
+ must NOT exist way to get PN and data from DB
+ must exist way to find out if PN is in DB
+ of course we must inserting PN and data in DB
- ease solution is to use one way function SHA or else, BUT cont of PN is
limited it is only 6 digit number, so
attacker can use hard power to get all PN from DB
- my friend recommend me to expand number in this way, all digits 0 will be
random of ('a'-'e'); 1 -> ('f'-'n'), etc. Way for hackers will be harder,
than in previous idea
- does exist some algorithm for this problem (may be in OpenSSL)?
thanks for all answers
Martin
(excuse me my English)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
