newbie needs help - elliptic curve replacement
From: will (email@example.com)
From: "will" <firstname.lastname@example.org> Date: 11 Apr 2003 21:40:00 GMT
Hello, I was asked my company to create an algorithm for creating 20-digit
codes that could be used to unlock our software. As we can be certain that
the application has access to the internet, we are simply going to populate
a database on the server and mark off each code as it is used.
However, the original idea we came up with (none of us particularly knowing
cryptography) was to do this:
1. Create a random elliptic curve.
2. Choose a random point on it.
3. Run the data for the elliptic curve and the position of the point
through SHA-1, then store all nibbles under 0xa from the return string up to
twenty digits trashing any that don't have twenty.
4. Add the point in the elliptic curve to itself and repeat step 3.
However, in doing research, I don't believe that for as simple as it is to
say "create an elliptic curve," that I or anyone at my company actually have
the mathematical knowledge to create one.
So, the question is: Is there anything any of you can think of to replace
steps 1 and 2 that can be created by someone who has darn near zero
knowledge of cryptography and yet will still be sufficiently obtuse that we
don't have to worry that the pattern to our codes can be easily cracked?