Recharge Card Password Scheme

kubirongzi · Post time: 2020-2-12 00:00:02

The company is preparing to issue a game card that requires consideration of a password generation scheme. I want to find a password scheme like a telephone recharge card, and friends who want to know how to guide. Thanked here.

lightlucifer · Post time: 2020-4-8 13:30:02

Random number generation

titan5211 · Post time: 2020-4-8 17:30:01

GUID :)

wogenius · Post time: 2020-4-22 19:00:02

random number?

But the number of digits should be large, otherwise the pseudo-random number of the computer is still not so safe ...

40668477 · Post time: 2020-4-24 14:00:01

Use des directly

40668477 · Post time: 2020-4-24 15:15:01

s-des

angelowang · Post time: 2020-6-16 11:00:01

des?

=== My plan ===

Suppose you want to issue 100,000 cards.

1. Use a cryptographically safe pseudo-random number generation algorithm, and use the master key (that is, the initial seed of the system) to generate 100,000 random numbers large enough, with 20-30 decimal digits. And save it in a table (PRGN_TABLE);

2. The random number is printed on the card, of course, the random number must be hidden:) (like this mobile phone card), after the user buys the card, get a random number (ie password);

3. When the user hits the value, enter the random number and the server will look it up in the table, if any. It indicates that it is a legal user, and the value is charged, otherwise it is rejected.

safety:

Can users who do not purchase cards guess the numbers in PRNG_TABLE, or can users who purchase several cards guess the numbers in PRNG_TABLE based on the data they have obtained?

The answer is: the probability is almost zero.

* The master key should be kept secret, otherwise others can generate the same table according to your algorithm and initial value;

How to get cryptographically safe pseudo-random numbers, google "PRNG"

kubirongzi · Post time: 2020-6-28 17:45:01

>>* The master key should be kept secret, otherwise others can produce the same table according to your algorithm and initial value;
You can use microseconds as the master key, so you are not afraid of others knowing the algorithm.

angelowang · Post time: 2020-6-28 22:15:01

If you don’t know the initial seed, you can’t reconstruct the table. It’s often necessary.

If you encrypt with a password that you don't even know (such as time(null) as the password), who can decrypt it?

angelowang · Post time: 2020-6-29 20:15:01

>> You can use microseconds as the master key, so you are not afraid of others knowing the algorithm.
The first element of cryptography: Don’t expect the security algorithm to provide security to the system. Security should only come from the password.
People all over the world know this algorithm, but without knowing my master key, I cannot construct my random number table.

		Remember me	Forgot password?
Password			Register