Overkill

With the recent interest in the IFIS lovemap of doom (not the unofficial version that I tested out on LJ folk), it got me thinking about ways to make it so that at no point is anyone's name stored in plain text in a link. And it occurred to me today that the easiest way to do that is to use some kind of public/private key encryption. When Fred says he fancies Bert, it'll use Bert's public key to encrypt his name and then when Bert logs in, it can use his private key to confirm which of the encrypted target names are his and create the final links appropriately.

Bert (or Fred) won't need to know their keys because they can be stored in the database. The private key would have to be encrypted with their password though so that only that user could make use of it, but that is already how I'm dealing with storing what links a user has created.

Except I've just realised that it can still be brute-forced, cos it's possible to just encrypt every user name with their public key until you find a match. I guess if I added a bunch of random crap in with the name, it might foil that? I suspect this will require a bit of tinker-time to see just how to get this working in a way that actually works and isn't just adding an extra layer of faux obfuscation. Cos if I could get it working, I could make public the database entries for all to see.
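The re-encryption problem and the random-suffix idea from the post, as an added example that is not part of the original post or the site's code. It uses toy textbook RSA with a constructed key so it runs with only the standard library; a real deployment would use a vetted randomized scheme such as RSA-OAEP. All names here (`encrypt`, `decrypt`, `match_by_reencryption`, `NONCE_LEN`, the user list) are assumptions for illustration.

```python
import secrets

# Toy textbook-RSA key pair for Bert (constructed for illustration: small
# Mersenne primes, no standard padding -- not safe for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private key
NONCE_LEN = 16                           # the "random crap", in bytes

def encrypt(name, nonce=b""):
    """Encrypt a target name under the public key, optionally with a random suffix."""
    m = int.from_bytes(name.encode() + nonce, "big")
    if m >= N:
        raise ValueError("name too long for this toy key")
    return pow(m, E, N)

def decrypt(ciphertext, nonce_len=NONCE_LEN):
    """Private-key holder recovers the name and discards the random suffix."""
    m = pow(ciphertext, D, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[:len(raw) - nonce_len].decode()

def match_by_reencryption(ciphertext, usernames):
    """The weakness from the post: anyone with the public key can re-encrypt
    each known username and compare against a stored entry."""
    for name in usernames:
        if encrypt(name) == ciphertext:
            return name
    return None

def demo():
    users = ["fred", "bert", "alice"]                      # constructed user list
    bare = encrypt("bert")                                 # deterministic entry
    salted = encrypt("bert", secrets.token_bytes(NONCE_LEN))
    again = encrypt("bert", secrets.token_bytes(NONCE_LEN))
    return {
        "bare_guessed": match_by_reencryption(bare, users),      # "bert"
        "salted_guessed": match_by_reencryption(salted, users),  # None
        "salted_decrypts_to": decrypt(salted),                   # "bert"
        "entries_differ": salted != again,                       # True
    }

if __name__ == "__main__":
    print(demo())
```

With the random suffix, Bert can no longer spot his entries by comparing ciphertexts; he has to decrypt with his private key and read the name back out.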
