Further to Bret's answer, I would say what Eduardo needs is to really increase the event space so as to make it hard for a brute force attack. Bret's advice is good but it wouldn't take long to guess what is being done just by doing a simple pattern matching on a couple of samples. A better approach would be to start by storing an MD5 hash of the price in the database. This could be possibly salted just to make things harder to guess. .redstar.