Re: Generating Prepaid Card Numbers

"Michael Fork" <mjfork@xxxxxxxxx> writes:
> > I'd add a checksum in any case. It's always good to be able to detect
> > typing errors before querying the database at all. This also prevents
> > users from "stealing" other peoples cards by accident.
>
> What is the suggested way to implement a check digit in an application
> like this?

Credit card numbers just have very simple checksum algorithms, with no
attempt to keep them secret. If you want to slow people down from
generating potentially-valid numbers, you could apply the check digit
before encryption.

I'm a little more concerned about your plan to re-use numbers, and
also that you don't have enough digits. Other systems of this type
typically have as many as 20 digits. If you're issuing 20 million
cards a year and it's doubling every year, that's 20M this year, 40M
next year, 80M in 2 years, etc. If it continues out to 5 years,
that's 640 million cards. You want at least 10 billion distinct card
numbers (10 variable digits) and if you have three fixed digits (why
do you need any, if you can just track the cards in a database?) and
one check digit, that means any random number with a correct check
digit has 1% chance of being a valid card number.

I don't think you need to mess with hardware RNG's. Just populate a
database with valid card numbers from a software RNG or crypto
algorithm. Keep track of which cards have been activated, and expire
unactivated cards after 2 years or so (but don't re-issue those
numbers). The algorithms for generating the numbers etc. are simple
and other people have suggested some. You have more of a procedural
and logistics problem than a cryptographic one.
.

Relevant Pages

  • Re: Punch cards
    ... most significant digit -- i.e. they were variable length. ... switches, read in a deck with the Fortran compiler, reset the switches, read in ... your program and it punched out the object code on a deck of cards. ...
    (Fedora)
  • Re: Hypothetical SxS Question
    ... We need 250 stations. ... Isn't a four digit code inherently more complex than a ... and an appropriate number of line cards. ... those T-1s out to the individual POTS circuits. ...
    (comp.dcom.telecom)
  • Re: too much information!
    ... > characters of redundancy in the whole million digit file. ... add all the cards then all the sums are even. ... possible shuffles that would result in an alternating sum of 0 mod 10 ...
    (sci.physics)
  • Enigma 1460 - Colour coded
    ... I have nine cards, each of a different ... evenly around the circumference of a circle. ... digit and an even digit. ... clockwise around the circle, with the digits ...
    (rec.puzzles)
  • Re: adding hyperlinks to a table....
    ... Based on what will I know what to rename ... Not that I'm looking to complicate things ... togeter to form a 9 digit number. ... people writing documents would name them, to a number that the database ...
    (microsoft.public.access.forms)