Announcement

Collapse
No announcement yet.

Host to Host payment systems code genaration

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • hackajar
    replied
    was I hiding under a rock six months ago when this thread was started? How could I have missed this! Very odd and strange indeed

    Leave a comment:


  • Chris
    replied
    Originally posted by no1inparticular
    I would think that someone "working" on an internal...etc...would be able to spell words like "encryption" and "encrypted", "create" and know such grammar gems as "Who knows how" reads a lot easier than who know how...and on and on and on and on...

    Yeah? And I would think that someone who decides to be a smart ass with their first post would find a thread that isn't over six months old to do it in.

    Don't come here being an ass...ass.

    Leave a comment:


  • no1inparticular
    replied
    Originally posted by oby
    Am currently working on an internal host to host payment system using triple encription. Am using a combination of static data such as account number or card number which will be triple ecriypted using special card verification key pair. Selected digits from the result will be used to creat the CVV and will be written onto the magnetic stripe. My problem is how to generate the CVV using the assigned card number and expiry date. should I assign any numbers or is there any formula or algorithim to do this. If I have to assign any number when the users are many how will I handle this? who know how I can automaticaly genarate the CVV hence it will provide an added level of confidence that the card will not be easly cdublicated. Also I will further generate CVV2 to be used for telephone authorisation. Any HELP!!!!!

    just curious...a small question from the fish...

    I would think that someone "working" on an internal...etc...would be able to spell words like "encryption" and "encrypted", "create" and know such grammar gems as "Who knows how" reads a lot easier than who know how...and on and on and on and on...

    I could keep going but man...my red pen is running out of ink...

    hooked on phonics worked for me....I can spele just fine...

    no1

    Leave a comment:


  • Medic
    replied
    Originally posted by oby
    the project is tageting African electricity trading industries in markets related to Power Exchanges, Financial Trading, Clearing and Settlement systems etc.
    If you're working with such powerhouses and large bank accounts, why post on a hacker forum for information? Call the credit card companies. They'll answer all your questions.

    Originally posted by skroo
    Hi. I'm calling bullshit on you.
    ++

    --Medic

    Leave a comment:


  • skroo
    replied
    Originally posted by oby
    So PLEASE your self.
    s/please/pleasure.

    Leave a comment:


  • bascule
    replied
    I find it highly unlikely that there is a mathematical relationship between the CVV number and the CCN. Given the relatively small space of CVV numbers, any relationship would allow the CVV to be brute forced trivially. I would certainly hope that CVV numbers are generated randomly by the credit card company, and function much more like a PIN.

    Leave a comment:


  • LosT
    replied
    Originally posted by oby
    I have to explain here to see if you can get where am comming from!!!
    the project is tageting African electricity trading industries in markets related to Power Exchanges, Financial Trading, Clearing and Settlement systems etc. There is a need therefore to further develop relevant capacity in order to establish and strategically position the group in this new business environment.
    An important area is in the financial transaction processing (automated electronic transfer of funds and payments etc). In order to achieve this, we require capacity and skills in e/m commerce technologies such as SMS, WAP, WIG, J2ME (java 2 micro edition) GPRS and Low Earth Orbit Satellite Comms.y
    This we can't afford, so a group of people are called to give kind of open ended peer to peer service.
    Now we are doing some thing close to AES but without any knwlg... of the technology. Now we are doing it on own . We can,t afford BCSS software. etc.
    This is the much I can explan , Ican't tell you exactly what it is this is close as ever.
    This is a big forum, am not stupid.
    So PLEASE your self.

    Are you sure you're not Bob Knuth?

    LosT

    Leave a comment:


  • oby
    replied
    I have to explain here to see if you can get where am comming from!!!
    the project is tageting African electricity trading industries in markets related to Power Exchanges, Financial Trading, Clearing and Settlement systems etc. There is a need therefore to further develop relevant capacity in order to establish and strategically position the group in this new business environment.
    An important area is in the financial transaction processing (automated electronic transfer of funds and payments etc). In order to achieve this, we require capacity and skills in e/m commerce technologies such as SMS, WAP, WIG, J2ME (java 2 micro edition) GPRS and Low Earth Orbit Satellite Comms.y
    This we can't afford, so a group of people are called to give kind of open ended peer to peer service.
    Now we are doing some thing close to AES but without any knwlg... of the technology. Now we are doing it on own . We can,t afford BCSS software. etc.
    This is the much I can explan , Ican't tell you exactly what it is this is close as ever.
    This is a big forum, am not stupid.
    So PLEASE your self.

    Leave a comment:


  • skroo
    replied
    Originally posted by oby
    Thanx for the Bull... call.
    No problem.

    What I say is an internal host to host currency payment. If do not know what to say stop making nasty statements.
    I'm not making nasty statements, I'm asking you to prove that you haven't started this thread solely for the purposes of trying to ask a question clearly forbidden in the rules by making it appear to be somehow legitimate. It wouldn't be the first time someone's tried doing it, and quite frankly the way this thread has been going it's not inspiring any confidence that you're on the level here.

    I ask a qustion in a forum. if I want to know how to get CCV what for??
    Fucked if I know, since I can't read your mind - hence my earlier comment re: calling bullshit on you. Incidentally, I notice that you haven't answered any of the points I raised in that post, rather going immediately on the defensive. Quite frankly, this isn't doing you any favours either.

    Can't we look inwards ??? This is an internal thing that will run like a credit card network, Helloo
    Nope. Not buying that. Here's the text of your original post:

    Am currently working on an internal host to host payment system using triple encription. Am using a combination of static data such as account number or card number which will be triple ecriypted using special card verification key pair. Selected digits from the result will be used to creat the CVV and will be written onto the magnetic stripe. My problem is how to generate the CVV using the assigned card number and expiry date. should I assign any numbers or is there any formula or algorithim to do this. If I have to assign any number when the users are many how will I handle this? who know how I can automaticaly genarate the CVV hence it will provide an added level of confidence that the card will not be easly cdublicated. Also I will further generate CVV2 to be used for telephone authorisation. Any HELP!!!!!
    Here's where I'm having problems with all of this: the CVV is used as a *physical* means of security only. It is *NOT* transmitted as part of the card number or other verification info. There is no reason for this to be included with other information passed on in a card-not-present transaction - its sole purpose is to verify that the person posessing the physical card has it in their hands. In fact, transmitting this along with the card number, etc. would defeat the entire purpose of the CVV number, with the added possibility of enabling someone to create a forged physical card.

    This plus your comments about writing out magstripes as well as the generally poor explanation of why you're doing this in the first place makes me highly suspicious of your motives. Too many things here don't add up so, again, I'm calling bullshit on you.

    Leave a comment:


  • oby
    replied
    Thanx for the Bull... call.
    What I say is an internal host to host currency payment. If do not know what to say stop making nasty statements. I ask a qustion in a forum. if I want to know how to get CCV what for??
    Can't we look inwards ??? This is an internal thing that will run like a credit card network, Helloo

    Leave a comment:


  • skroo
    replied
    Originally posted by oby
    Is there where I can download and run any program to generate CVV. That will definitly be great or stuff like cvvGen . will be greatfull on more info regarding crdit card networks, dumbs etc
    Hi. I'm calling bullshit on you. If you really were developing the host-to-host payment system you claim to be, you'd be able to speak directly with the credit card companies to obtain this info.

    So, am I wrong? Or are you trying to slide a 'please tell me how 2 get CC numbarz kthx' post under the radar?

    Leave a comment:


  • oby
    replied
    Originally posted by Medic
    I've designed am implemented a similar system.

    is useless. Use a known trusted standard and encrypt it once. AES should work just fine. If you're looking to store the information in a databse, store the SHA-1 digest of it and just hash and compare to make sure they match.

    DES keys don't run in pairs. You have a 56 bit DES key, or a 168 bit 3DES key (3-56 bit DES keys). You're probably thinking RSA.


    Use known standards for everything, don't complicate things or think you can write something more secure. RSA has been around since the 70s and the only viable attack against it is brute force.

    More specific questions will get more specific answers. :)


    I think I'm going to try and present at Defcon in 05 regarding the credit card networks. We'll see if time allows.

    --Medic

    Is there where I can download and run any program to generate CVV. That will definitly be great or stuff like cvvGen . will be greatfull on more info regarding crdit card networks, dumbs etc

    Thanks
    Last edited by oby; November 12, 2004, 12:01.

    Leave a comment:


  • Medic
    replied
    I've designed am implemented a similar system.

    triple encription
    is useless. Use a known trusted standard and encrypt it once. AES should work just fine. If you're looking to store the information in a databse, store the SHA-1 digest of it and just hash and compare to make sure they match.

    A pair of Des keys (CVKs)
    DES keys don't run in pairs. You have a 56 bit DES key, or a 168 bit 3DES key (3-56 bit DES keys). You're probably thinking RSA.


    Use known standards for everything, don't complicate things or think you can write something more secure. RSA has been around since the 70s and the only viable attack against it is brute force.

    More specific questions will get more specific answers. :)


    I think I'm going to try and present at Defcon in 05 regarding the credit card networks. We'll see if time allows.

    --Medic

    Leave a comment:


  • oby
    replied
    Originally posted by LosT
    I didn't clarify...that is exactly what I meant...there are forums specifically for the discussion of this type of topic...

    LosT
    ???which forums are specifically for this kind of discussion??
    More info for who may wish to add.
    What am looking for now is the mathematical relationship between the following:
    Primary account number (PAN)
    2 0r 4 digit exairy date
    3-digit service code (sometimes non zero)
    A pair of Des keys (CVKs)
    who have come across the relatioship either in algorithim or simple formula
    You may direct me where to read up or kind of encription to play with???

    Leave a comment:


  • LosT
    replied
    Originally posted by noid
    I'd say this is the proper forum, he just may not have much luck finding the expertise he needs.

    I didn't clarify...that is exactly what I meant...there are forums specifically for the discussion of this type of topic...

    LosT

    Leave a comment:

Working...
X