ansaurus

Question

Ideas to create a small (<10 digits), not (very) secure "hash"

Answer 1

+5 A:

I suggest you give the Verhoeff algorithm a try.

Alix Axel 2009-05-21 00:35:35

This sounds interesting...

Jaime 2009-05-21 16:05:34

Answer 2

+3 A:

Two ways I can see:

Generate a random number, or at least a random part for a number, and store it in a central database. Then download the database into all the gate systems to check against.
The number has to be self-sufficient. In other words, the number has to be able to check out without the saved list. This sounds like some kind of checksum system. For instance, you could issue numbers from 1 and upwards, make them 5 digits (00000-99999 = 100.000 numbers), and prepende 1-3 letters, making sure you end up with a checksum that would check out.

Lasse V. Karlsen 2009-05-21 00:37:16

The problem with no. 1 is that I must be able to work off line, and a ticket could have been bought online just a few minutes earlier, so I could never have an up to date version of the ticket db. Now as for no 2, how would you make one ticket code sufficiently different from the previous one?

Jaime 2009-05-21 16:05:05

Answer 3

A:

For offline verification, I see only one easy solution..

Append to the ticket ID a hash of the ticket ID and a per-event salt. You can truncate any cryptographic hash to the size desired. I can't think of a particular reason to use anything but a random number for the base ticket ID itself.

This allows you to limit the size of the ticket ID and have a clearly proportional security in relation to the size of the ticket ID.

chuck 2009-05-21 01:14:40

This is what I'm thinking too, but how valid (in terms of variability and number of hashes) is to use only part of say an MD5 hash?

Jaime 2009-05-21 16:02:17

If it's a cryptographically secure hash (even discounting the fact that MD5 has been broken), using part of the hash should provide the expected/proportional decrease in variability and number of hashes. For example, to decrease the hash size from 128 bits to 32 bits (regardless of which 32 bits you choose), you decrease the number of possible hashes from 2^128 to 2^32. The complexity of a brute-force attack or likelyhood of an accidental collision is made proportionally easier as well.

chuck 2009-05-22 19:58:06

Answer 4

+1 A:

Consider a very simple scheme based on a Feistel network to permute, say, the ticket ID number. This message (which happens to be on the PostgreSQL lists but doesn't really have much to do with PostgreSQL) describes a simple Feistel network. On each ticket you could print a ticket ID number (sequentially chosen), then a "ticket secret code" that's the result of putting the ID number through a Feistel network. Possible variations include appending a check digit to the secret code, and basing the input to the Feistel network on more than just the sequentially generated number (number + 10,000 * event ID number, et cetera).

kquinn 2009-05-21 01:27:49

Thanks, this pointed me in the right direction combined with a Verhoeff check digit and a hash of what I can reconstruct.

Jaime 2009-05-22 17:01:59

Answer 5

A:

You could do a CRC calculation.

Basically, just start to add each character in the string, and limit the length to a long integer.

You may start with a known random number and store it in the first 4 bytes, and have the last four be a calculation as I described earlier.

This would be two ints, or eight bytes.

James Black 2009-05-21 02:19:41

Answer 6

A:

Here's a scheme that has the advantage of letting you calculate the next ticket hash from the previous (so you can verify whether one is missing), but doesn't let outsiders calculate the next one:

Ticket.0 = substring(HASH(SALT + IV        ), 0, LENGTH)
Ticket.i = substring(HASH(SALT + Ticket.i-1), 0, LENGTH)

where

HASH is any hashing function that distributes its entropy relatively evenly across the output string
SALT is a constant you keep secret; it's a good idea to use a different one for each event
IV is another constant you keep secret
LENGTH is the length of the ticket ID you want (10 in your question, but 12 is not out of the question and gives you 256 times as many ticket IDs)

James A. Rosen 2009-05-21 02:48:21

That can't be verified if the computer is down. Or are you suggesting the computers at the door calc up to the ticket number from scratch?

jmucchiello 2009-05-21 03:34:28

The problem I see is that the computer at the door can't verify if a given ticket is valid, since it does not have all the ticket locally. Or am I missing something?

Jaime 2009-05-21 15:59:29

I assume any solution has to have a local copy of the database of all generated tickets. The advantage of this solution is that you can generate the database offline from the 4-tuple<SALT, IV, LENGTH, numberOfTicketsSold>. And if numberOfTicketsSold changes (b/c someone buys one online 7 minutes before the show), it's easy to append more values to the database. Yet the values are hard to calculate without the 4-tuple.

James A. Rosen 2009-05-21 23:04:15

@jmucchiello you can't have "the computers at the door calc up to the ticket number from scratch" because the ticket # might be invalid, so the program would never halt. That's why you need numberOfTicketsSold.

James A. Rosen 2009-05-22 00:31:45

Ideally I would have access to the central db where I can verify that the ticket is a) valid and b) has not been used before. The problem lies where I lose all the connection to the central db, so I can't get updates into the local db and I can't verify valid/unused ticket numbers, in which case, in order not to block the entry of people, is "reasonable" to just make sure the ticket code is not forged and that hasn't been used at that gate (that info can be kept locally), an let the person in.

Jaime 2009-05-22 21:38:02

Answer 7

+4 A:

Why reinvent the wheel? Just do something like this (Python Code, ask me if you need clarification):

import hashlib

secretpassword = "blah"

def createticket(eventnum, ticketnum):
    m = hashlib.md5() # or any crypto hash you like
    m.update("%s%s%s" % (eventnum, ticketnum, secretpassword))
    return m.hexdigest()[:10]

Example:

Event Number 1

Ticket Number 123

createticket(1,123)
# output: 2d7f242597

Mr ticketman comes around with his verifier and enters in the event/ticket number and the hash:

def verifier(eventnum, ticketnum, hash):
    return hash == createticket(eventnum, ticketnum)

verifier(1,123, "2d7f242597")
# ouput: True

Unknown 2009-05-21 03:16:10

Maybe I'm not getting this right, but my problem with a full hash (ala md5) is that I don't have the ticket number for verification, so I cannot create a hash to verify against. This may be a different question, how valid is to just use the first x digits of the hash?

Jaime 2009-05-21 15:57:44

@jaimedp, that's why when you print the ticket, you include the event number and the ticket number along with the hash. It is completely valid to use the first x digits of the hash because all good cryptographic hashes should distribute entropy to all digits (avalanche effect).

Unknown 2009-05-23 03:30:30

@jaimedp, also when you print out the barcode, just encode the event number and ticket number as the first few positions. There's no reason for you not to have the information. In fact, this solution is practically the same as the one that you accepted except that you have to muck around with your own block cipher.

Unknown 2009-05-23 03:47:58

@Jaime: This is the correct answer. Writing a custom hash is not only certainly less secure, but *(more importantly, for your case)* is much more work!

BlueRaja - Danny Pflughoeft 2010-07-15 20:54:18

ansaurus

tags:

views:

answers:

Ideas to create a small (<10 digits), not (very) secure "hash"

related questions