Encrypting a PIN (AREV Specific)
At 27 FEB 2002 04:14:51PM Gray Cunningham wrote:
Hi,
A client has asked me to import a dos file that contains serial numbers and PINs into their AREV database. No problem, except that they would prefer that the PIN be encrypted in some way so that if their computer was stolen, the PINs would not be readable. I thought that there was an Iconv or Oconv conversion that would encrypt a password, but I can't find it. I'm on vacation, so I don't have access to any manuals. I also see that SEC() might help me, but I'm not sure how to use it and I don't expect to be using this from a Window. Any suggestions?
Thanks,
Gray Cunningham
At 27 FEB 2002 04:30PM [url=http://www.sprezzatura.com" onMouseOver=window.status=Click here to visit our web site?';return(true)]The Sprezzatura Group[/url] wrote:
http://www.sprezzatura.com/revmedia/V4I6A2.HTM
World Leaders in all things RevSoft
At 28 FEB 2002 12:32AM Richard Hunt wrote:
I think if I remember right, SEC() will encrypt, and it will not decrypt.
What I mean is, once you encrypt the PIN, there is no way to decrypt it. All you can do is take a PIN and encrypt it and see if the two encryptions match.
At 28 FEB 2002 03:17AM Larry Wilson wrote:
It actually doesn't matter how you encrypt a PIN, even if it can't be decrypted. You just encrypt what the person has entered for the password (PIN) and compare it against the encrypted original password to see if it's valid. This is how Microsoft, et al, does it - thus the PIN can never be decrypted and you don't need a key to encrypt or decrypt - just an alogorithm. It could be as simple as generating a CRC number, but by parsing the PIN from right to left. Not bulletproof, but beyond the reach of all but the most determined and skilled.