Storing a credit card number directly is dangerous and incurs severe liability of which I'm well aware. I'm wondering though, could one fingerprint a card using it's md5 hash?
The odds against two credit cards having the same md5 is low
How low are the odds against two different credit cards #'s to
- Share the same last 4 digits.
- Share the same md5()
- Share the same md5( strrev( $number ) )
I'm thinking that the odds of this are so ridiculously low as to make an effective fingerprint of when a card has been used before at your site without actually storing the card's number. Thoughts?
And how long would it take a hacker to work their way backwards to the original card number if they had those two md5's of the number. I don't understand the algorithm, for all I know that information would make it ridiculously easy.
This is more of a thought exercise than something with serious application.