March 19th, 2010

(no subject)

Last night was surprisingly good, if only for the reason that for the first time that I can remember, the regular IFIS Thursday pub social actually had more students than non-students. We even had the really quiet guy who when he does get chatting is quite fun and interesting to talk to. I also got to be a "corset" pimp and help izzy_stradlin make a bit of cash selling some unwanted stuff.

The weekend is going to be pretty shiny and already I'm wishing it were home time. Hopefully I'll be able to overcome my apathy tomorrow and actually go shopping, cos I've not been shopping in *ages* and I need a new umbrella as mine has lost a doohickey that holds one of the spines to the material, so it's not covering me 100% at the moment and I imagine it'll only get worse.

Overkill

With the recent interest in the IFIS lovemap of doom (not the unofficial version that I tested out on LJ folk), it got me thinking about ways to make it so that at no point is anyone's name stored in plain text in a link. And it occurred to me today, that the easiest way to do that is to use some kind of public/private key encryption. When Fred says he fancies Bert, it'll use Bert's public key to encrypt his name and then when Bert logs in, it can use his private key to confirm which of the encrypted target names are his and create the final links appropriately.

Bert (or Fred) won't need to know their keys because they can be stored in the database. The private key would have to be encrypted with their password though so that only that user could make use of it, but that is already how I'm dealing with storing what links a user has created.

Except I've just realised that it can still be brute forced, cos it's possible to just encrypt every user name with their public key until you find a match. I guess if I added a bunch of random crap in with the name, it might foil that? I suspect this will require a bit of tinker-time to see just how to get this working in a way that actually works and isn't just adding an extra layer of faux obfuscation. Cos if I could get it working, I could make public the database entries for all to see.

  • Current Mood
    thoughtful pondering