ansaurus

Question

Is there a method to randomize integers so that visitors can't figure out the sequence of objects

Answer 1

+6 A:

You could pass your integer as the seed to a random number generator. (Just make sure that it would be unique)

You could also generate the SHA-512c hash of the integer and use that instead.

However, the best thing to do here is to use a GUID instead of an integer.

EDIT: If it needs to be reversible, the correct way to do it is to encrypt the number using AES or a different encryption algorithm. However, this won't result in a number between one and a million.

SLaks 2009-12-29 16:13:12

+1 for GUID.....

Robert Harvey 2009-12-29 16:13:51

Agreed on the guid. Some sites go a bit further and base64 encode the GUID which results in a smaller and more readable identifier.

Chris Lively 2009-12-29 16:14:38

i need to be able to decrypt my integer back so a random number generator wont work.and i need the number to be in a specific range like 1 to 1000000 so of course the uid wont work.

Karim 2009-12-29 16:24:39

@Karim, that's a lot of conditions for just some simple obfuscation.

Robert Harvey 2009-12-29 16:27:21

Is there a reason you have to use 1-100000, beyond "thats what the system uses"? Can you modify your code to just use UIDs, or is there a specific reason it must be an integer in that range?

cyberconte 2009-12-29 16:30:58

the range is a business decision and it dont need to be 1 to 100000.it maybe be a multiple of 2 so 2^20 = 1048576 is perfectly valid.this will be the reference number. the original number will be a normal sequence.

Karim 2009-12-29 16:39:15

Answer 2

+5 A:

Don't rely on obscurity -- i.e., non-sequential ids -- for security. Build your app so that even if someone does guess the next id, it's still secure.

If you do need non-sequential ids, though. Generate a new id each time randomly. Store that in your table as a indexed (uniquely) column along with your autogenerated primary key id. Then all you need to do is a look up on that column to get back the real id.

tvanfosson 2009-12-29 16:30:35

well i wanted a method that uses some kind of key and doesnt involve the DB to simplify the system. i mean storing the id in the DB is an extra trip to the DB server.

Karim 2009-12-29 16:41:30

Answer 3

+4 A:

EDIT: In general, I prefer tvanfosson's approach on both scores. However, here's an answer to the question as stated...

These are fairly strange design constraints, to be honest - but they're reasonably easy to deal with:

Pick an arbitrary RNG seed which you will use on every execution of your program
Create an instance of Random using that seed
Create an array of integers 1..1000000
Shuffle the array using the Random instance

Create a "reverse mapping" array by going through the original array like this:

   int[] reverseMapping = new int[mapping.Length];
   for (int i = 0; i < mapping.Length; i++)
   {
        reverseMapping[mapping[i]] = i + 1;
   }

Then you can map both ways. This does rely on the algorithm used by Random not changing, admittedly... if that's a concern, you could always generate this mapping once and save it somewhere.

Jon Skeet 2009-12-29 16:30:37

well i wanted something more simple. i was thinking of xor and shifting the bits. and maybe rearanging the bit positions using some kind of table.that is move bit 1 to 5and bit 5 to 2 and so on.

Karim 2009-12-29 16:47:10

Answer 4

A:

Loadmaster 2009-12-29 16:53:01

ansaurus

tags:

views:

answers:

Is there a method to randomize integers so that visitors can't figure out the sequence of objects

related questions