algorithm - Generate a Random key based on Input Number -

September 15, 2012

i have list of integers (emplyoee id's) 8 digits long (although start 00, 8 digits long)

for each employee need generate key is:

- 5 chars including [a-z][a-z][0-9] - must include 1 of [a-z] - must include 1 of [0-9] - generated key must unique - if know employees id should not able determine key

i need produce algorithm generate keys want avoid having record keys against employees if possible. more think more problems encounter.

if can avoid don't want generate keys , store them somewhere - rather calculated on fly

i allowed hide secret in system use make sure keys non deterministic unless know secret.

i thought of using standard hash algroythms (with salt) limits of target space , limits of including 1 a-z , 1 0-9 seem prevent this.

one way think might use solve problem:

1. build deteremnistic function maps integers starting 1 [1, 2, 3, ...] every possible result value 2. map integers [1, 2, ...] random other integers in desired range [324, 43565, ...] in way preserves uniqueness (based on secret salt if changed result in different order).

this guarantee uniqueness step 1 tricky. result set discontinuous, values may missing capital letter , others miss number.

i round starting every code a1 technically work reduced result space 5 chars 3 chars.

can suggest simple work , avoid me having keep record of generated results unique checking?

as mentioned ralf easiest way achieve required amount of variation of keys change position of capital letter , number, giving 2 * 26 * 10 * 62 * 62 * 62 or >120000000 possible combinations.

to make key not directly derivable employee id suggest simple xor secret 8 digit number. use simple modulus followed division each character.

char = x % 62 x = (x - (x % 62)) / 62

for instance in javascript:

function id2key(id, secret) {     var table = '0123456789abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz';     var key = new array(5); // initialize key     // changed xor rot10     // var scrambled = id ^ secret; // "encrypt" employee id secret     var scrambled = 0;     while (id) {         var rotated = ((id % 10) + (secret % 10)) % 10;         scrambled = (scrambled * 10) + rotated;         id = math.floor(id / 10);         secret = math.floor(secret / 10)     }      var capital_index = scrambled % 2; // determine if capital letter should first     scrambled = (scrambled - capital_index) / 2;     var capital = table[36 + (scrambled % 26)]; // find capital letter     key[capital_index] = capital;     scrambled = (scrambled - (scrambled % 26)) / 26;      var num = scrambled % 10; // find number     key[1-capital_index] = table[num]; // if capital letter first place number second , visa versa     scrambled = (scrambled - (scrambled % 10)) / 10;      // find remaining 3 characters     key[2] = table[scrambled % 62];     scrambled = (scrambled - (scrambled % 62)) / 62;      key[3] = table[scrambled % 62];     scrambled = (scrambled - (scrambled % 62)) / 62;      key[4] = table[scrambled % 62];     return key.join(""); }

live demo js bin

edit addressing xor failures - address failure cases brought in comments changed method of scrambling id rotation based on secret can 8 digit number.

edit clarifying vulnerabilities - since understand requirements little better, employee's know id , key, should clarify cryptographic concepts. given small input range, , restrictive output there no possible way make key cryptographically secure. using established encryption algorithm 128 bit aes resulting strength won't better @ 100000000 brute-force attempts crack, insignificant compute. in mind, way have semblance of security secret and algorithm remain secret. in case person attempting derive secret id , key couldn't know correct unless had access multiple id-key pairs.

Search This Blog

How Y

algorithm - Generate a Random key based on Input Number -

Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

c# - Asp.net web api : redirect unauthorized requst to forbidden page -