LPM: Encryption Question

[Frank Price]

On Wed, 22 Dec 1999, Janine Ladick wrote:

# > Do you really need a CSR to be able to do it by "hand"?  This seems
# > fraught with peril :-)
# 
# Isn't not an SSN or anything like that...just a frequent flyer account 
# number.  :-)  By hand is not as perilous as one might think.

The peril I had in mind was that no matter how easy, people will
forget the algorithm; and once you've settled on one, it'll be tough
to change b/c you have to push it out to everyone.  If a goal is to
avoid support calls, trying to automate it seems pretty necessary.

# > If you had a secure web server, and the CSRs had web access, then you
# > could have a script which would encrypt this special ID.  You start with the
# > special ID, encrypt it, add to mailing label.  If it comes back, you
# > send to CSR.  CSR gets enters encrypted number into secure web form
# > which returns special ID.
# 
# That would be cool, but things are so tight around here I can't even 
# get to my email from outside the building - and I'm management, for 
# crying out loud!
# 
# I do like the idea of a conversion program.  If Beth (the CSR) 
# needed to research on more than a few mailers then decoding by 
# hand would be cumbersome.  Hmm...sounds like a holiday project to 
# me.  Thanks!

And now that I think of it, you can use any algorithm you like as long
as it generates a unique string for each unique ID.  Probably the
easiest way is to generate the string and then put it as the key in a
hash, with the value as the ID.  Then your decoder just prints the
value of the hash given the key.

Somewhere around here I have the equivalent of the unix passwd
encrypter written in Perl.  If you're interested I'll try to dig it
up...

-Frank.