[thelist] cryptic question

[Eduardo Dominguez]

The thing is, how can I keep even the salt number secret. The prizes
we are giving in our internal game are juicy and we everyone to
participate. This code is in CVS so anyone can see the salt number.
Its in PHP.

I still havent figured out how to do it.

(btw, we trust our people, but what bugs me is that this problem,
for now, cant be resolved :)

----- Original Message ----- 
From: "Raul Beltran" <espiritudelvino at hotmail.com>
To: <thelist at lists.evolt.org>
Sent: Monday, October 02, 2000 9:07 PM
Subject: Re: [thelist] cryptic question


What are you using to write this application? ASP? JSP? PHP?

the crypt() function (at least in PHP) accepts 2 arguments the value to be
encrypted and the 'salt', both as strings.

To make your encrypted number more difficult to guess you only need to
choose a 'salt' value that nobody knows, like this (price=100):

$encryptedString = crypt("100", "this will never be guessed");

this way, to guess the number you must know what the 'salt' is, making
almost impossible to break it with brute force.

Do a 'man crypt', this unix command should accept a 'salt' too...

----- Original Message -----
From: "Eduardo Dominguez" <lalo_dominguez at yahoo.com>
> Even using unix crypt() function solves nothing since a simple
> for() loop will get the price in less than a minute. :(
> The problem is that prices are numbers, so they are easily
> manipulated. How can I mix letters/numbers so that even they
> guy that coded the function that checked the price cant know
> it ?


---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com