[thelist] cryptic question
Eduardo Dominguez
lalo_dominguez at yahoo.com
Mon Oct 2 19:10:30 CDT 2000
Even using unix crypt() function solves nothing since a simple
for() loop will get the price in less than a minute. :(
The problem is that prices are numbers, so they are easily
manipulated. How can I mix letters/numbers so that even they
guy that coded the function that checked the price cant know
it ?
Sucks :1
----- Original Message -----
From: ".redstar." <redstar at clix.pt>
To: <thelist at lists.evolt.org>
Sent: Monday, October 02, 2000 6:44 PM
Subject: RE: [thelist] cryptic question
Further to Bret's answer, I would say what Eduardo needs is to really
increase the event space so as to make it hard for a brute force attack.
Bret's advice is good but it wouldn't take long to guess what is being done
just by doing a simple pattern matching on a couple of samples.
A better approach would be to start by storing an MD5 hash of the price in
the database. This could be possibly salted just to make things harder to
guess.
.redstar.
---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the thelist
mailing list