Re^9: RFC: Algorithm::CouponCode

The point is that the supposed-to-be secure system whose identity I am legally bound not to reveal, is made more vulnerable now that its code can be cracked, albeit somewhere else. There may be repercussions from that.

One world, one people

Comment on Re^9: RFC: Algorithm::CouponCode

Replies are listed 'Best First'.

Re^10: RFC: Algorithm::CouponCode
by grantm (Parson) on May 09, 2011 at 01:07 UTC

My Algorithm::CouponCode module generates a checkdigit using a simple hash function. The function 'hashes' 45 bits of data to produce a 5 bit checksum.

I cannot conceive of a situation where a 5 bit checksum would be considered a security device. At most there are 32 possible values (actually only 31 in my case) so if someone wished to generate codes which appeared valid to your "supposed-to-be secure system" they could do a brute force attempt of every possible checkdigit value in considerably less time than it would take them to download my code, let alone read it.

The situation seems analogous to the credit card industry. A credit card number includes a check digit but that doesn't mean you can make up a number, calculate a valid check digit and then use it to buy stuff online - a card number can only be used if some bank somewhere looks it up in their database and says "yes, we will honour that transaction".

[reply]


good chemistry is complicated, and a little bit messy -LW
	PerlMonks