Re: Creating unique, non-reproducible serial ID
Date: Fri, 09 Mar 2001 11:41:52 -0800
Message-ID: <3AA931FF.A2DCA967_at_uci.edu>
> self-verifying codes, which I gathered is all he really wanted.
Well, PGP is one way. Wrap their serial ID with your key, and nobody else can generate another ID that's wrapped with your PGP key unless you let them know. This way, you can even pick stupid serial IDs for each person (e.g. 1, 2, 3, 4, 5...), but because it's wrapped with your PGP key, only one valid PGP encoding exists for each serial ID. Even if others know what the pattern of serial IDs is, they won't be able to recreate the unique PGP encodings you've made for them (unless you give them your key). Also, the PGP encoded IDs are unique enough by themselves to be tough to figure out what the actual pattern of serial IDs is, even with a few dozen such encoded keys in hand. If you can decode the serial ID, then it's valid.
SecureID keychains are another wonderful way of doing this. They generate valid random numbers every couple minutes, and you must enter that number generated for that valid period of minutes to be able to log in to secured servers - otherwise, they'll have expired and you'll be locked out. Very tough to break as the servers themselves are running SecureID verification programs that rotate valid IDs every couple minutes; and the keychains are near impossible to reverse engineer (and by the time it's found missing, it'll be made invalid anyways). Each person has their own unique SecureID keychain that isn't duplicated by anybody else's, so their random numbers won't work for anyone else, nor at other times.
---Received on Fri Mar 09 2001 - 20:41:52 CET
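
Added example, not part of the original message: a sketch of the self-verifying serial idea discussed above, substituting a truncated HMAC-SHA256 tag from the Python standard library for the PGP wrapping the post mentions. The key, the `serial-v1:` prefix, the tag length and the function names are assumptions made for this illustration; unlike the PGP approach, the serial stays readable in the code and the verifier must hold the same secret key.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); an issuer would load a random secret.
ISSUER_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = 10  # bytes of HMAC-SHA256 kept: an 80-bit tag, 16 base32 chars


def _tag(serial: int, key: bytes) -> bytes:
    # The prefix binds the tag to this use so the key cannot be
    # tricked into authenticating some other kind of message.
    msg = b"serial-v1:" + str(serial).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def issue_code(serial: int, key: bytes = ISSUER_KEY) -> str:
    """Return '<serial>-<tag>'; serials may be as predictable as 1, 2, 3."""
    if serial < 0:
        raise ValueError("serial must be non-negative")
    return f"{serial}-{base64.b32encode(_tag(serial, key)).decode('ascii')}"


def verify_code(code: str, key: bytes = ISSUER_KEY):
    """Return the serial if the code was issued under `key`, else None."""
    serial_text, sep, tag_text = code.strip().partition("-")
    if not sep or not (serial_text.isascii() and serial_text.isdigit()):
        return None
    serial = int(serial_text)
    if serial_text != str(serial):  # reject non-canonical forms like "007"
        return None
    try:
        presented = base64.b32decode(tag_text.upper())
    except ValueError:  # bad alphabet or padding (binascii.Error included)
        return None
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if hmac.compare_digest(presented, _tag(serial, key)):
        return serial
    return None


if __name__ == "__main__":
    for n in (1, 2, 3):
        code = issue_code(n)
        print(code, "->", verify_code(code))
    # Knowing the serial pattern does not help without the key.
    forged = "4-" + issue_code(3).split("-", 1)[1]
    print(forged, "->", verify_code(forged))
```
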