Comments for Ray Morgan

Comment on How to Obfuscate Integer IDs by admin

admin — Sun, 04 Sep 2011 01:42:38 +0000

@vjeux – Yes, that’s probably the easiest way to go, but that requires storing the pseudo-encrypted ID, which wouldn’t satisfy the requirements.

Comment on How to Obfuscate Integer IDs by admin

admin — Sun, 04 Sep 2011 00:27:05 +0000

I made sure NOT to reinvent any encryption at all, but to extend an existing, well-established hash (MD5), to add tamper-resistance and reversibility.

All symmetric-key encryption approaches provide reversibility, but I did not find any that provided tamper-resistance, at least not resulting in a small, compact encrypted ID.

For what it’s worth, I’m in the process of evaluating other base algorithms, so I’m wide open to suggestions.

Comment on How to Obfuscate Integer IDs by cson

cson — Sat, 03 Sep 2011 01:59:38 +0000

Is there a good reason to go with this over just symmetric encryption (e.g. AES)?

Encrypting 4 bytes (Int32) with a 64-bit block size should spit out a result that is about 11 characters (after using base64, please check my math). This seems like a lot of re-inventing the wheel… Is computing these 3 hashes faster than a single AES encryption? I haven’t done the benchmarking myself, but my gut says that even if it is, the benefit likely doesn’t outweigh the use of a standardized encryption scheme.

Comment on How to Obfuscate Integer IDs by admin

admin — Fri, 02 Sep 2011 07:15:38 +0000

Yes, I originally considered various alternatives for just hashing the id, but that didn’t satisfy the requirement NOT to store an encrypted version of the id. With this approach, the only value stored for the id is the indexed serial integer, so lookups are fast and there’s no storage overhead.

Comment on How to Obfuscate Integer IDs by vjeux

vjeux — Thu, 01 Sep 2011 20:52:07 +0000

Have you considered assigning a random number for each new id? It seems to be a much easier way to go.

Comment on How to Obfuscate Integer IDs by admin

admin — Thu, 20 May 2010 00:26:24 +0000

You’re correct that the colon has a special meaning in both the auth and protocol portion of a URI, but it doesn’t cause any problem when used in the query string portion. Still, you can certainly replace it with %3A or change it to use other characters, like dash, dot, $ or underscore, on lines 18 and 24. Integers > 2^31-1 would require a more complex implementation, as PHP’s integer-handling gets sketchy above that number.

Comment on How to Obfuscate Integer IDs by salentinux

salentinux — Wed, 19 May 2010 18:10:40 +0000

Good article,

but it generates the ” : ” character in the encoded string that cannot be in a url because it is used for the authentication. For example encoding the int 1689 with CRYPT_SALT “some random string” generates “NgvsvpI62eNcmhduKmX:w” (without “). This string pasted in a browser will fail due to “:” char.

Waht if I want to support a wider range of integers? (> 2^31-1)

Thanks.

Comment on How to Obfuscate Integer IDs by Tweets that mention How to Obfuscate Integer IDs : Ray Morgan -- Topsy.com

Tweets that mention How to Obfuscate Integer IDs : Ray Morgan -- Topsy.com — Thu, 21 Jan 2010 07:34:29 +0000

[...] This post was mentioned on Twitter by alex knorr, Sam Hunt. Sam Hunt said: News Update: How to Obfuscate Integer IDs : Ray Morgan http://ow.ly/16o00Z [...]

Comment on How to Use the User Interface to Discover All the Use Cases by kenniswong

kenniswong — Tue, 29 Dec 2009 19:06:12 +0000

It totally makes sense. Simple and powerful. Even I understand it…what a feat!