Suffice it to say that you use an algorithm to generate a stream of one time passwords. There is some intermediate math behind it, which I'd butcher without first reviewing it myself. I am unable to explain all the technical details of how these one-time codes are generated (or work) adequately. In your case, though, you'd probably want to limit the range to and possibly include * and #. like comma, period, semi colon, and parenthesis. So, and a bunch of easily typable symbols. This is sometimes referred to as a "disposable password." Normally these are restricted to the (easily typable) ASCII values. In the security world, there is the notion of a "one time" password. The first 10 keys will be 6 digits.Īssuming you already know how to detect which key the user hit, this should be doable reasonably easily. This method allows you to start with smaller keys too. Put 3 digits at the front and 2 at the back of the sequence (zero pad so the length of the CRC is consistent). If you want to obscure the sequential portion more, then split the CRC in two parts. To validate you just split the number into its two parts, and then take a CRC-16 of the sequence number and the private key. Having a private key prevents people from being able to forge a key, but using a 16 bit CR makes it easier to break. Make it something big, at least a GUID, but it could be the text to War and Peace from project Gutenberg. You can use anything for the private key, as long as you keep it private. Then you prefix the sequence with a CRC-16 of that sequence number AND some private key. That way you know you are not getting duplicates. If all you want is a verification number then just use a sequence number (assuming you have a single point of generation). Part of it should be a 16-bit CRC of the rest of the code. I don't know the user's phone number.įollowup : I've found several algorithms to check the validity of numbers (See this interesting Google Code project : checkDigits). Given these requirements, how would you generate such a number?ĮDIT The code has to be numerical because the user types it with its b: On the first step, the code is displayed on a Web page, the second step is to call and type in the code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |