 |
|
|
|
|
|
Altaf Najvani
I tried to translate the CS Version of your uniqueKey Program, but some is lost in the translation. Was wondering if you could help me figure it out. I keep getting the a string back 8 times in a long string. Tried to link to you on Link website, but was not successful.
Dim maxSize As Integer = 8
Dim minSize As Integer = 5
Dim chars(61) As Char
Dim a As String
a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
chars = a.ToCharArray()
Dim size As Integer = maxSize
Dim data(0) As Byte
Dim crypto As New RNGCryptoServiceProvider()
crypto.GetNonZeroBytes(data)
size = maxSize
data = New Byte(size - 1) {}
crypto.GetNonZeroBytes(data)
Dim result As New StringBuilder(size)
For Each b As Byte In data
result.Append(chars)
Next b
Return result.ToString()
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
it will work! I m using it in my system !! there wil b collisions but not so much !! u can experiment it with little change in attached source code.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In your code i.e
private string GetUniqueKey()
{
int maxSize = 8 ;
int minSize = 5 ;
char[] chars = new char[62];
string a;
a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
chars = a.ToCharArray();
int size = maxSize ;
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data) ;
size = maxSize ;
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(size) ;
foreach(byte b in data )
{ result.Append(chars1)> ; }
return result.ToString();
}
I am getting an error in the line"result.Append(chars1)>" Can u point out d error. Please as i am finding your code very useful. If it works. Please help me out.
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
100,000 keys
0 dups
1,000,000 keys
0 dups
10,000,000 keys
0 dups
I ran each of these with 5 concurrent threads generating and adding keys to the same hashtable. Each test was executed 3 times.
w/ the speed that these are generated in it wouldn't be hard to grab a new one if it wasn't unique. I'm going to use this method for a file system data store to uniquely name the files. Granted I'll never even come close to having even 10,000 files under one directory so this solution is both efficient and effective for my needs.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
private string GetUniqueKey()
{
int maxSize = 8 ;
int minSize = 5 ;
char[] chars = new char[62];
string a;
a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
chars = a.ToCharArray();
int size = maxSize ;
byte[] data = new byte[1];
RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
crypto.GetNonZeroBytes(data) ;
size = maxSize ;
data = new byte[size];
crypto.GetNonZeroBytes(data);
StringBuilder result = new StringBuilder(size) ;
foreach(byte b in data )
{ result.Append(chars1)>; }
return result.ToString();
}
i have to use it for my project.... wen i ran this code i got an error in the 'foreach' loop...
the error is coming on the... result.append(chars1)>; line..
please let me know wot the error is and how i can solve it....
thanks..
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
i have a gridview which is storing a record .i want to generate a unique no while saving one record.
the format should be like (pscode(2place),year(4place)and num(4place))
example:- 01-2007-0001
where ps_code is char(2),
year comes form date-which is of date and time datattype
and the last 4 place are char(4),
where ps_code and date are the field of my data base.i want retrive ps_code and year from my database to generate the unique number.
can tell me how will i do it?
i am devloping a web applcation where the backend is vb.net2005.
|
| Sign In·View Thread·PermaLink | 1.56/5 (3 votes) |
|
|
|
|
|
|
I beleive that it would be a better approach with the collision with seeded values would make the collisions negligible.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
I'm missing something here. Do you mean that it would be better to use a truncated SHA or MD5 hash? I'm certainly no mathmatician but I'm guessing that the number of collisions would increase dramatically by truncating all but the first 8 bytes. Since my mind struggles with things it can't visualize, somebody let me know if my statement is incorrect so I can revise my world a little.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
Perhaps I made an error, but after generating 100,000 hashes from DateTime.Now I got 100,000 collisions on SHA1 and 99,999 with MD5 using only the first 8 characters. Here is the method, tell me if my method is flawed:
int coll = 0;
List hashs = new List(); ;
string hashed;
for (int i = 0; i < 100000; i++)
{
MD5CryptoServiceProvider crypto = new MD5CryptoServiceProvider();
byte[] buffer = ASCIIEncoding.ASCII.GetBytes(DateTime.Now.ToString());
byte[] hash = crypto.ComputeHash(buffer);
hashed = hash.ToString().Substring(0, 8);
if (hashs.Contains(hashed))
coll++;
hashs.Add(hashed);
}
And then I did the exact same thing with SHA1CryptoServiceProvider.
p.s. pardon the poor variable names and generall messiness, I did not spend much time on this.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
This is more along the lines of what I would expect. It's not so much your code but your expectation. Unlike an encryption algorithm, a hash is designed to create the same number from the same data every time. Since you are making hashes from sequential data, the first part of the hash is going to be the same. Try the last 8 characters.
Even using the last eight, you will still get numerous collisions.
One more thing. The way .net works, a tight loop like that may be returning the same datetime value throughout the entire 99,000 iterations. Since .net likes to get ahead of itself, you could try throwing in a small delay.
SHA256, 384 & 512 are much stronger than MD5 in terms of encryption but we're not really encrypting; we're just trying to generate random unique id's.
As I recall, when you first started, you were using random numbers rather than timestamps. If you're going to use a hash, I would stick with the random numbers.
You could also consider using a key generation algorithm. This way, your invoices could be self-validating. Again, it's not really extreme security but it's kinda cool. That way, if somebody tried to guess an invoice number, they would have had to use a key generator with the same algorithm and password.
|
| Sign In·View Thread·PermaLink | 3.50/5 (2 votes) |
|
|
|
|
|
|
If you are using the key to protect sensitive data, this is a misapplication. Even casual crackers won't be put off by a 64 bit key. Inexpensive computers can easily handle the number of permutations required to create a collision. Just look at how long it took to generate 100,000 keys.
Sensitive data should be protected by a login system using strong passwords and encryption. AES, Blowfish, and Twofish seem to be the best. The database record itself can be linked to the login account so even if a cracker could create a collision, they still couldn't access the data.
On the other hand, if the objective is to create unique transaction ID's, it doesn't matter if they're sequential because they shouldn't be guarding the data. You could use a random increment value to leave "holes" in the sequence but even that wouldn't matter.
If you want something that looks more unique than '1234567' (the Spaceballs password), you can use a combination of a serial number, date, customer ID, time, random machine state, and a CRC (to validate). With a little work, this can be kept to 8 printable bytes. Also, consider using bit flags and different generation methods. For instance, bit 0 of byte 3 could indicate a different sequence to the bytes. The date and time are going to be the most unique portions of the key.
Another approach is to pre-compute sufficient unique keys to cover anticipated transactions. This way, you can eliminate collisions up front and identify anything that looks sequential. The assignment code simply picks an unassigned number from a database. You could even randomize that process if you wanted.
These are practical approaches to the problem that don't place undue expectations on the results. I'm sure there are thousands of coders and mathematicians that can come up with more unique and inventive approaches than this. My point is that there is a conflict in the basic premise: an 8 byte printable key code cannot provide significant data security no matter how random.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
This is a silly article. I suppose I can think of various reasons where a pseudo-unique number would be useful, but this certainly isn't one of them.
There is a perceived security benefit, but it's "security by obfuscation", which is weak, to say the least.
However, if that were the purpose, then looking for an algorithm that has the provides the best distribution is unnecessary. Conflicts will exist and thus must be handled. And since they are handled, the scope of the conflicts are relatively immaterial.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Kasajian, I would agree that the basic premise of this article isn't a useful application but it could certainly provide useful information for someone else with a similar question. I have seen this type of question several times (and even had it myself several years ago). The answer to the question is simple: it's not needed. But, the article is valuable for anyone thinking that they are providing security by using a pseudo-random number. I can say that attackers as a whole are more versed in security than the average software developer. Developers need to become much more knowledgeable in encryption, validation, and security than they are now. Even Microsoft gets hacked on a regular basis.
For anyone reading this thread, it is important to understand that as computers become more powerful, hackers' abilities to crack code and leap firewalls increases. MD5 used to be considered secure. It probably shouldn't even be used anymore. Digital signatures can be faked and even strong encryption can be broken if the user doesn't take specific precautions. There is an entire community out there dedicated to "reverse engineering" and they are pretty smart folks.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
Yup. For every lock there's a lock-picker. Paranoia is getting the best of me. Gotta go to my bomb shelter now.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
From my reading of this article you want to
(1) create a short unique key
(2) make it difficult to guess this key given previous keys
An easy solution that would give you these properties is a linear congruential generator (which are often used for quick and dirty random number generators) see http://en.wikipedia.org/wiki/Linear_congruential_generator
You choose a seed (that is only know to you), then each time you call MyRandom.Next you get another number that you have not had before (because of the special choice of constants m and c). Given that no-one knows your seed or the exact method or even more than a handful of keys it would be unlikely that a casual observer would crack your pattern.
public class MyRandom : Random
{
public MyRandom(int seed)
{
this.seed = (ulong)seed;
}
private ulong seed;
const ulong m = 1664525;
const ulong c = 1013904223;
public override int Next()
{
//return base.Next();
unchecked
{
seed = seed*m + c;
}
return (int)(seed & 0xFFFFFFFFu);
}
}
This will generate uint.MaxValue (or about 4,000,000,000) unique keys before duplication. In addition it will be very fast (a 64 bit multiply, add, mask and cast for each new number).
What do you think?
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
|
