[thelist] cryptic question

Jeff jeff at lists.evolt.org
Mon Oct 2 19:31:01 CDT 2000


eduardo,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: Eduardo Dominguez <lalo_dominguez at yahoo.com>
:
: The price of the item is stored in a DB. A DB a lot
: of people have access to. This number should be
: crypted, but then, its an encrypted number. Brute
: forcing your way to the number should be VERY
: simple. A simple for() loop testing all the numbers
: between 0 and 1000 and you are all set.
:
: Is there a way to keep this number COMPLETELY
: private so that only the guy that posted it knows it ?
: Or even better, a number that NO ONE knows ?
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

i don't know what serverside tools you have at your disposal, but i would
imagine that hashing the number before putting it into the database, using a
key that's only know to the person doing the development would do the job.
since the number can't be derived by unhashing (no such thing) the encrypted
number it should be pretty safe.  then, to compare the numbers all you have
to do is use the same key and hash their guess and compare against the value
in the database.  if they match, they've guessed the right price.

good luck,

.jeff

name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org





More information about the thelist mailing list