security - Algorithm of unique user identity -
i'm writing service anonymous commenting (plugin social network). have generate pseudo-unique number each user per thread.
so, each post has unique number (for example, 6345) , each user has unique id (9144024). using info need generate unique index in array of avatars.
let's say, there array 312 images, it's static , images in same order every time.
now algorithm looks this:
(post id + user id) % number if images = index (6345 + 9144024) % 312 = 33 and in comment show image index 33. problem it's possible find user id image if find way of generating images (image list in same order).
what best way here without storing per-post info in database, example.
you looking kind of one-way function: computing image id user id should easy, not converse. first thing comes mind here using hash functions: concatenate user id , post id, perhaps salt, compute sha-1 hash of that, , take modulo number of images.
in approach, i'd interpret hash result single 160-bit integer. if don't have big integer library @ hand, can modulo computation incrementally. start highest byte, , in each step multiply current value 28, add together next byte, , cut down sum modulo 312. take lowest 32 or 64 bit or that, , perform modulo on that, although result of approach might less evenly distributed 1 outlined above.
security math
No comments:
Post a Comment