Suffice it to say that you use an algorithm to generate a stream of one-time passwords. There is some intermediate math behind it, which I'd butcher without first reviewing it myself. I am unable to explain all the technical details of how these one-time codes are generated (or work) adequately. In your case, though, you'd probably want to limit the range to and possibly include * and #. like comma, period, semicolon, and parenthesis. So, and a bunch of easily typable symbols. This is sometimes referred to as a "disposable password." Normally these are restricted to the (easily typable) ASCII values. In the security world, there is the notion of a "one time" password. The first 10 keys will be 6 digits. Assuming you already know how to detect which key the user hit, this should be doable reasonably easily. This method allows you to start with smaller keys too. Put 3 digits at the front and 2 at the back of the sequence (zero pad so the length of the CRC is consistent). If you want to obscure the sequential portion more, then split the CRC in two parts. To validate you just split the number into its two parts, and then take a CRC-16 of the sequence number and the private key. Having a private key prevents people from being able to forge a key, but using a 16-bit CRC makes it easier to break. Make it something big, at least a GUID, but it could be the text to War and Peace from Project Gutenberg. You can use anything for the private key, as long as you keep it private. Then you prefix the sequence with a CRC-16 of that sequence number AND some private key. That way you know you are not getting duplicates. If all you want is a verification number then just use a sequence number (assuming you have a single point of generation). Part of it should be a 16-bit CRC of the rest of the code. I don't know the user's phone number. Followup: I've found several algorithms to check the validity of numbers (see this interesting Google Code project: checkDigits).
Given these requirements, how would you generate such a number? EDIT The code has to be numerical because the user types it with its b: On the first step, the code is displayed on a Web page, the second step is to call and type in the code. The code must be as short as possible, to avoid errors from the user. I must have a reasonable number of possible combinations (let's say 1M). It must be difficult to have a valid code if I make a typo (transposition of digits, wrong digit). It must be difficult to type a valid random code. The phone system does not have access to a list of valid numbers, but instead, it will validate the number against an algorithm (like a credit card number). I would like to be able to detect if the number they type is correct or not. I'm working on an application where users have to make a call and type a verification number with the keypad of their phone.
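
The sequence-number-plus-CRC-16 scheme described above (3 check digits in front, 2 behind, zero-padded), as an added example that is not part of the original posts. It assumes the CRC-16/XMODEM variant from Python's `binascii.crc_hqx` and a key-then-sequence byte layout, neither of which the page specifies; `PRIVATE_KEY` is a constructed placeholder.

```python
import binascii
import hmac

# Constructed sample secret; the page suggests something at least GUID-sized.
PRIVATE_KEY = b"constructed-example-key-3f2a9c1e-7b4d-4e8a-9f10-5c6d7e8f9a0b"

def crc_digits(seq: int, key: bytes = PRIVATE_KEY) -> str:
    """CRC-16 over key + decimal sequence number, zero-padded to 5 digits."""
    # Assumption: CRC-16/XMODEM via binascii.crc_hqx; the page names no variant
    # and does not say how the key and the sequence number are combined.
    crc = binascii.crc_hqx(key + str(seq).encode("ascii"), 0)
    return f"{crc:05d}"  # 0..65535 always fits in 5 digits

def make_code(seq: int, key: bytes = PRIVATE_KEY) -> str:
    """Build the keypad code: 3 CRC digits + sequence number + 2 CRC digits."""
    if seq < 0:
        raise ValueError("sequence number must be non-negative")
    check = crc_digits(seq, key)
    return check[:3] + str(seq) + check[3:]

def validate(code: str, key: bytes = PRIVATE_KEY):
    """Return the sequence number if the code checks out, else None."""
    # Keypad input: ASCII digits only, at least 5 CRC digits + 1 sequence digit.
    if not (code.isascii() and code.isdigit()) or len(code) < 6:
        return None
    seq_text, given = code[3:-2], code[:3] + code[-2:]
    # Reject non-canonical sequence text such as "007" so each number has one code.
    if seq_text != str(int(seq_text)):
        return None
    expected = crc_digits(int(seq_text), key)
    return int(seq_text) if hmac.compare_digest(given, expected) else None

def check_digit_typos_rejected(code: str) -> bool:
    """True if every single-digit change in the 5 CRC positions is rejected."""
    positions = [0, 1, 2, len(code) - 2, len(code) - 1]
    for pos in positions:
        for d in "0123456789":
            if d != code[pos] and validate(code[:pos] + d + code[pos + 1:]) is not None:
                return False
    return True

if __name__ == "__main__":
    for n in (0, 9, 10, 123456):
        print(n, make_code(n))
```

A CRC is linear and not a keyed MAC, so where forgery resistance matters the usual replacement for the CRC step is a truncated HMAC over the sequence number.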