Maybe offtopic

Galileo bugtrap at
Tue Feb 4 09:05:40 EST 2003

This  message  is maybe not for this list but I have no one else to turn to.
I tried sending this message to pentest list but got no reply.
So please  if you have some spare time please help me with this.
Thanks in advance and forgive me for my bad English.

I'm  currently building VOIP system for a small ISP. Everything seems secure
enough but one thing bothers me.
Users  can  obtain  access  to  the  system  when  they come to us and pay for a
account. When their credit runs out they can come directly to us again and pay
for  more  credit  or  bay  a  prepaid  card  which  gives them 250, 500, or 1000
"credits". Now mine main concern is how strong the code is.

Codes are generated and printed on the cards and put into a database.
For example two cards with 250 "credits"

S.N. 084200821   Code: 2129 2030 5085 5334
     084200822         1714 3504 4820 0177

The  biggest  problem  is that I don't have the source code of the program that
generates  the  codes so I can't see how it is generated.  If  I try and write my own
I'm afraid it would be even more insecure :(((((
If the program uses some weak algorithm the system could be abused.
I   tried   to   test   the  code  myself but my knowledge in code breaking and
random numbers is very limited. I managed to find some interesting things that make me
belive that the
code  is  weak.  So if someone can help me with this, and give me proof that the
code is indeed weak/strong   please do.
Sorry for my bad English

Greetings from Galileo.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list