Hi,

My team is working on an application with a legacy database that uses two different values as unique identifiers for a Group object: Id is an auto-incrementing Identity column whose value is determined by the database upon insertion. GroupCode is determined by the application after insertion, and is "Group" + theGroup.Id.

What we need is an algorithm to generate GroupCodes that:

  1. Are unique.
  2. Are reasonably easy for a user to type in correctly.
  3. Are difficult for a hacker to guess.
  4. Are either created by the database upon insertion, or are created by the app before the insertion (i.e. not dependent on the identity column).

The existing solution meets the first two criteria, but not the last two. Does anyone know of a good solution to meet all of the above criteria?

One more note: Even though this code is used externally by users, and even though Id would make a better identifier for other tables to link their foreign keys to, the GroupCode is used by other tables to refer to a specific Group.

Thanks in advance.

A: 

Have you looked into Base32/Base36 content encoding? A Base32 representation of an Identity seed column will make it unique and easy to enter, but definitely not secure. However, most non-programmers will have no idea how the string value is generated.

Also using Base32/36 you can maintain normal database integer based primary keys.

Kane
Base32 takes 20% more space than Base64, which will result in such huge strings :-/
balexandre
A: 

Would it be possible to add a new column? It could consist of the Identity and a random 32-bit number.

That 64-bit number could then be translated to a «Memorable Random String». It wouldn't be perfect security-wise but could be good enough.

Here's an example using Ruby and the Koremutake gem.

```ruby
require 'koremu'
# http://pastie.org/96316 adds Array.chunk
identity = 104711
r = rand(2**32) << 32 # in this example 5946631977955229696
ka = KoremuFixnum.new(r + identity).to_ka.chunk(3)
ka.each { |arr| print KoremuArray.new(arr).to_ks + " " }
```

Result:

TUSADA REGRUMI LEBADE

Also check out Phonetically Memorable Password Generation Algorithms.

Jonas Elfström
This reminds me of: http://thedailywtf.com/Articles/The-Automated-Curse-Generator.aspx
Skilldrick
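
The two answers above can be combined into a code that meets all four criteria in the question. The following is an added example, not code from either answerer: it draws the whole code from the OS CSPRNG, encodes it in Crockford Base32 so it is easy to type, and relies on a uniqueness check with retry. The function names, the 60-bit length and the in-memory `Set` standing in for a UNIQUE constraint on the GroupCode column are assumptions.

```ruby
require 'securerandom'
require 'set'

# Crockford Base32 alphabet: no I, L, O or U, so codes survive retyping.
ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ'.freeze
CODE_LEN = 12 # assumed size: 12 symbols * 5 bits = 60 bits from the CSPRNG

# Encode a non-negative integer as fixed-width Crockford Base32.
def encode_base32(n, width)
  out = +''
  width.times do
    out << ALPHABET[n & 31]
    n >>= 5
  end
  out.reverse
end

# Generated by the app before insertion; nothing derives from the Id column.
def random_group_code
  raw = encode_base32(SecureRandom.random_number(2**(5 * CODE_LEN)), CODE_LEN)
  raw.scan(/.{4}/).join('-')
end

# Canonicalise user input: case, separators and look-alike characters.
# Returns nil when the input cannot be a valid code.
def normalize_group_code(input)
  s = input.upcase.gsub(/[\s-]/, '').tr('OIL', '011')
  return nil unless s.length == CODE_LEN && s.delete(ALPHABET).empty?
  s.scan(/.{4}/).join('-')
end

# Uniqueness: reserve the code, retry on collision. `taken` is a hypothetical
# in-memory stand-in for a UNIQUE constraint on the GroupCode column.
def allocate_group_code(taken, max_attempts: 5)
  max_attempts.times do
    code = random_group_code
    return code if taken.add?(code)
  end
  raise 'could not allocate a unique GroupCode'
end
```

Against a real database, the reservation step is the INSERT itself: catch the unique-constraint violation and retry with a fresh code.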