Algorithms that can take an N length string and return a fixed size unique value?

Question

I'm looking to add basic licensing to my application. I want to take in the user's name as a parameter and return a unique, fixed length code (sort of like MD5)

What are some algorithms that can do this? Thanks

Answer 1

The SHA algorithms should be decent for this (SHA-1, SHA-512, etc...). They are used in a lot of places where an MD5 could also be used but seem to be more well respected. I use them for password hashing, but sounds like their functionality as a 1-way hash would be good for this as well.

If you want fixed sized, you might then Base64 encode the resulting bytes and take the first N digits that you want. Even though you are losing some of the original hash, that should give you a large enough set of distinct possible keys that you are virtually impossible to get a repeat. As a frame of reference, this is a an example of a Base64 encoded UUID: "iFHqaiNjhTDpxp7ahBPX0A "

The possible result set of a UUID is so large that it is accepted practice to randomly generate them with the expectation that they are unique (I know this is surprising, but do a search).

Answer 2

A simple algorithm would be to raise the nth prime number to the power of the alphbetical value (a = 1, b =2,...) of the ith character in the user's name. See Godel Numbers.

Example

User's Name: Peter

Unique Code: 2^16 + 3 ^ 5 + 5 ^ 20 + 7 ^ 5 + 11 ^ 18 = 5560012680923954692

Answer 3

Seems like a simple 32- or 64-bit CRC would work. Theoretical chances for collision are much higher than with MD5/SHA1, etc, but practically, how many licenses will you generate? A few 10's of thousands? And given that you're using names as input (the only input?), you're almost certain to have collisions because of collisions in the source data.

Answer 4

While concurring with the previous suggestions of MD5 or SHA1 hashes for generating the unique codes you may also want to care about making sure that those codes could not easily be reverse-engineered. In your application, if usernames (the basis for the codes) were publicly available then an attacker (either knowing or guessing your algorithm) could create the codes himself.

If this could be problem then include a random salt string with the username string before creating the hash. The salt could be just a random number or a timestamp - at least not something trivial to guess. You'd need to store this in your license database along with the hash and username so as to be able to verify licenses.