h a l f b a k e r yWhy not imagine it in a way that works?
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
|
But no one forges cheques - they
just steal chequebooks. |
|
|
Nuancense. - The algorithm will be cracked immediately. |
|
|
Indeed, as Shz says, relying on an
encryption algorithm alone would
not be enough. You could, however,
give every cheque a bank + cheque
number (ie, remove the
account_number), the only way of
getting the account number would
be to look up the cheque number in
the bank's list of cheques to find
the corresponding account. If
numbers would be assigned
randomly to cheques from this list,
it would be tough to guess a
number. |
|
|
I was thinking that there should be a secret key, so that even if the algorithm were public, the numbers could not be forged. But of course a look-up table would be even more secure. Either way, it would raise the bar from being a casual Photoshop fraud artist to someone with some amount of cracking computing power. |
|
|
Someone whispers in my ear that people at least used to forge checks. Corporate checks, that is. (A la *Catch Me if You Can*) |
|
|
Hmm... I just thought of essentially this idea and figured I should search before posting. |
|
|
To allow the new checks to work within the existing infrastructure, I would create one new account number for each account (so it each account would have two numbers). These two numbers would bear no numerical relationship to each other, but would be cross-linked at the account holder's institution. Let's suppose the first account number is 123456789 and the second is 654321. The providing institution would also keep a secret key for each account holder. |
|
|
The holder of the account would receive from his financial institution a few "ACH signup" slips for use setting up automated deposits; those would have account number 123456789. All of the person's normal checks would have a printed account number consisting of his own secondary account number 654321 concatenated with a hash of the check number encrypted with his account's private key (for a total length of 12 digits or so--I'm not sure what the maximum is). |
|
|
As far as any of the intermediate institutions are concerned, check #123 would look like it was drawn against account #654321935452 (or whatever). They wouldn't care what significance that account had. The issuing institution, though, could look up the private key for the account, hash the check number (123), and confirm that it hashed out to 935452 when encrypted with the proper key. |
|
|
//presumably they can already detect attempts to cash a check with the same sequence number multiple times//
You have a touching faith in the banking system. Banks will cash any cheque you present them with. The only checking that they do is to confirm, if possible, with the issuer that the details on particularly large payments are correct.
//But no one forges cheques - they just steal chequebooks//
Normally what they do is try to alter the amount on a legitimate cheque that they've been sent or make fraudulaent use of cheque books that their employer has issued them with. |
|
|
Pastry. If the nonce were sufficiently large, it should certainly make the algorithm secure until checks become obsolete. |
|
| |