Quote:
Originally Posted by hacker
When (not if) this encryption method is breached, the ability to get the credit card numbers back out of the system will be immediately made publicly known. Whoever thought of this method needs to be drawn-and-quartered.
(Edit: Sorry, hacker. I didn't see that you were going to explain details of hash functions as well. My fault!)
It is fortunately not that bad. eReader uses some kind of one-way hash algorithm in conjunction with the credit card number. Hash algorithms are central to modern cryptography. The security of a one-way hash function is its one-wayness: the output is not dependent on the input in any discernible way. Plus, given a hash value, it is computationally unfeasible to find a pre-image that hashes to that value.
After eReader has created and stored the hash, it uses it as a key to decrypt the protected e-books (which are, to my knowledge, encrypted with the DES-X algorithm).
The credit card number isn't stored, neither in the e-book nor on your PDA device - at least eReader claims so, and I don't see a reason why they should lie.