Wednesday, November 10, 2004

Encrypted JavaScript

The title of this blog post is not meant to be oxymoronic or anything. My AT&T Wireless statements actually come as email attachments of an HTML file whose contents are encrypted using JavaScript. The decryption key is based on your phone number, zip code, and Social Security number. The crazy thing about it is that this plain HTML file, transmitted over an insecure email connection, which you can right-click and View Source on, can actually be completely secure. That's one of those mysteries of computer science that never ceases to amaze me: you can give someone a big block of data, plus the instructions on how to read it, and it can still be nearly-computationally-impossible to read without the proper key. I took a whole semester of cryptography and that fact still continues to impress and delight me.

Now, if only I could figure out how to get AT&T Wireless (Cingular) to automatically bill me for the entire amount of the bill, instead of $X - $0.63 or something insane like they usually do.

No comments: