java - Secure non-repeating Random alphanumeric URL slug -


i'm able achieve non-repeating random alphanumeric url slug part base58, this, 

private static final char[] base58_chars = "123456789abcdefghjklmnpqrstuvwxyzabcdefghijkmnopqrstuvwxyz".tochararray(); private static final int length = base58_chars.length; public static string genslug(long priimarykeyid) {     char[] buffer = new char[20];     int index = 0;     {         int = (int) (priimarykeyid % length);         buffer[index++] = base58_chars[i];         priimarykeyid = priimarykeyid / length;     } while (priimarykeyid > 0);     return new string(buffer, 0, index); }

but how achieve secure-randomness it?

if 

hashing.sha256().hashstring(genslug(priimarykeyid), standardcharsets.utf_8).tostring();

the slug becomes 64 characters , that's long (expecting same length genslug, between 1 , 12 chars long)..

you truncate output of hash function , still appear random, possibility of hash collision rise. since constraint maximum output of 12 characters, means have truncate hash output 70 bits (12/8 * log(256)/log(58)). due birthday paradox, collision after 270/2 such hashes.

since need guaranteed uniqueness, can use pseudo-random permutation (prp) transform priimarykeyid random token. block cipher such prp. since maximum size of block size 70, can safely use triple des use case. has block size of 64 bit size of long.

example (not thoroughly tested):

private static final char[] base58_chars = "123456789abcdefghjklmnpqrstuvwxyzabcdefghijkmnopqrstuvwxyz".tochararray(); private static final int length = base58_chars.length; private static final biginteger length_bi = biginteger.valueof(length);  // todo: change key random! private static final byte[] key = new byte {1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8,1,2,3,4,5,6,7,8};  public static string genslug(long priimarykeyid) {     bytebuffer bb = bytebuffer.allocate(8);     bb.putlong(priimarykeyid);      cipher cipher = cipher.getinstance("desede/ecb/nopadding");     cipher.init(cipher.encrypt_mode, new secretkeyspec(key, "desede"));     byte[] encrypted = cipher.dofinal(bb.array());     biginteger bi = new biginteger(1, encrypted);      char[] buffer = new char[20];     int index = 0;     {         biginteger = bi.mod(length_bi);         buffer[index++] = base58_chars[i.intvalue()];         bi = bi.divide(length_bi);     } while (bi.compareto(biginteger.zero) == 1);     return new string(buffer, 0, index); }

the main thing need keep key safe.


Comments

Post a Comment

Popular posts from this blog

ubuntu - PHP script to find files of certain extensions in a directory, returns populated array when run in browser, but empty array when run from terminal -

i running os ububtu 16.04. ultimate goal able run php script cron job every minute. here php script located @ /var/www/html/tests/test/index.php : <?php $directorypath = $_server['document_root']."/tests/test/data/"; echo "directorypath: $directorypath<br><br>";//check $imagefilepathsarray = glob($directorypath . "*.{png,gif}", glob_brace); echo "<br><br>imagefilepathsarray: "; print_r($imagefilepathsarray);//check ?> when open php script in browser visiting url my-ip-address/tests/test/index.php , get: directorypath: /var/www/html/tests/test/data/ imagefilepathsarray:array( [0] => /var/www/html/tests/test/data/pic.png [1] => /var/www/html/tests/test/data/pic.gif ) before writing cron job in crontab file, need check if can run anywhere using terminal . opened ubuntu terminal @ /home/ location, , executed in terminal: sudo php /var/www/html/tests/test/index.php i got following out...
Read more

php - How can i create a user dashboard -

today have questions you, want create user dashboard site, include (obviously), users data, example -email -username -and others stuff how can information, , print them in html page? if can, how can these information via php sessions? shuld use session? example, if user login, , start new session ( session_start() ), how can data print in dashboard? should use php "project"? in advice, have day , thank time!
Read more

javascript - How to detect toggling of the fullscreen-toolbar in jQuery Mobile? -

i have jquery mobile page fixed full-screen toolbar, data-tap-toggle enabled. straight under toolbar have positioned banner should slide upwards when toolbar hiding , slide downward when toolbar showing. jquery mobile toggles toolbar applying , removing ui-fixed-hidden class - sadly, can't find in documentation of toolbar widget toggle , hide or show event that. how can detect when toolbar toggled, reposition banner? .banner { position: fixed; background-color: darkseagreen; top: 46px; min-height: 48px; width: 100%; text-align: center; line-height: 48px; } <!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <link rel="stylesheet" href="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.css"> <script src="https://code.jquery.com/jquery-1....
Read more