LPM: Encryption Question
Frank Price
fprice at mis.net
Wed Dec 22 17:09:14 CST 1999
On Wed, 22 Dec 1999, Janine Ladick wrote:
# > Do you really need a CSR to be able to do it by "hand"? This seems
# > fraught with peril :-)
#
# Isn't not an SSN or anything like that...just a frequent flyer account
# number. :-) By hand is not as perilous as one might think.
The peril I had in mind was that no matter how easy, people will
forget the algorithm; and once you've settled on one, it'll be tough
to change b/c you have to push it out to everyone. If a goal is to
avoid support calls, trying to automate it seems pretty necessary.
# > If you had a secure web server, and the CSRs had web access, then you
# > could have a script which would encrypt this special ID. You start with the
# > special ID, encrypt it, add to mailing label. If it comes back, you
# > send to CSR. CSR gets enters encrypted number into secure web form
# > which returns special ID.
#
# That would be cool, but things are so tight around here I can't even
# get to my email from outside the building - and I'm management, for
# crying out loud!
#
# I do like the idea of a conversion program. If Beth (the CSR)
# needed to research on more than a few mailers then decoding by
# hand would be cumbersome. Hmm...sounds like a holiday project to
# me. Thanks!
And now that I think of it, you can use any algorithm you like as long
as it generates a unique string for each unique ID. Probably the
easiest way is to generate the string and then put it as the key in a
hash, with the value as the ID. Then your decoder just prints the
value of the hash given the key.
Somewhere around here I have the equivalent of the unix passwd
encrypter written in Perl. If you're interested I'll try to dig it
up...
-Frank.
More information about the Lexington-pm
mailing list