My Algorithm::CouponCode module generates a checkdigit using a simple hash function. The function 'hashes' 45 bits of data to produce a 5 bit checksum.
I cannot conceive of a situation where a 5 bit checksum would be considered a security device. At most there are 32 possible values (actually only 31 in my case) so if someone wished to generate codes which appeared valid to your "supposed-to-be secure system" they could do a brute force attempt of every possible checkdigit value in considerably less time than it would take them to download my code, let alone read it.
The situation seems analogous to the credit card industry. A credit card number includes a check digit but that doesn't mean you can make up a number, calculate a valid check digit and then use it to buy stuff online - a card number can only be used if some bank somewhere looks it up in their database and says "yes, we will honour that transaction".
|