Maybe offtopic
Galileo
bugtrap at mailandnews.com
Tue Feb 4 09:05:40 EST 2003
This message is maybe not for this list but I have no one else to turn to.
I tried sending this message to pentest list but got no reply.
So please if you have some spare time please help me with this.
Thanks in advance and forgive me for my bad English.
I'm currently building VOIP system for a small ISP. Everything seems secure
enough but one thing bothers me.
Users can obtain access to the system when they come to us and pay for a
account. When their credit runs out they can come directly to us again and pay
for more credit or bay a prepaid card which gives them 250, 500, or 1000
"credits". Now mine main concern is how strong the code is.
Codes are generated and printed on the cards and put into a database.
For example two cards with 250 "credits"
S.N. 084200821 Code: 2129 2030 5085 5334
084200822 1714 3504 4820 0177
The biggest problem is that I don't have the source code of the program that
generates the codes so I can't see how it is generated. If I try and write my own
I'm afraid it would be even more insecure :(((((
If the program uses some weak algorithm the system could be abused.
I tried to test the code myself but my knowledge in code breaking and
random numbers is very limited. I managed to find some interesting things that make me
belive that the
code is weak. So if someone can help me with this, and give me proof that the
code is indeed weak/strong please do.
Sorry for my bad English
Greetings from Galileo.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list