Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.programmer > #18821 > unrolled thread
| Started by | Magnus Warker <magnux@mailinator.com> |
|---|---|
| First post | 2012-09-18 18:25 +0200 |
| Last post | 2012-09-23 20:57 -0400 |
| Articles | 11 on this page of 31 — 10 participants |
Back to article view | Back to comp.lang.java.programmer
get hexadecimal hash string for a number Magnus Warker <magnux@mailinator.com> - 2012-09-18 18:25 +0200
Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 10:08 -0700
Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-18 10:14 -0700
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 19:58 -0400
Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 17:27 -0700
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:17 -0400
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:21 -0400
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-19 08:27 +0200
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-19 18:30 -0400
Re: get hexadecimal hash string for a number Kevin McMurtrie <mcmurtrie@pixelmemory.us> - 2012-09-19 19:06 -0700
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-20 11:32 +0200
Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-18 10:10 -0700
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:02 -0400
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-19 08:18 +0200
Re: get hexadecimal hash string for a number Roedy Green <see_website@mindprod.com.invalid> - 2012-09-18 10:23 -0700
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:00 -0400
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 20:06 -0400
Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-18 17:30 -0700
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-18 21:07 -0400
Re: get hexadecimal hash string for a number Kevin McMurtrie <mcmurtrie@pixelmemory.us> - 2012-09-18 22:50 -0700
Re: get hexadecimal hash string for a number Leif Roar Moldskred <leifm@dimnakorr.com> - 2012-09-19 01:06 -0500
Re: get hexadecimal hash string for a number rossum <rossum48@coldmail.com> - 2012-09-19 17:34 +0100
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-20 11:30 +0200
Re: get hexadecimal hash string for a number rossum <rossum48@coldmail.com> - 2012-09-21 12:48 +0100
Re: get hexadecimal hash string for a number Lew <lewbloch@gmail.com> - 2012-09-21 10:15 -0700
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-26 06:11 +0200
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-26 09:29 -0400
Re: get hexadecimal hash string for a number Gene Wirchenko <genew@ocis.net> - 2012-09-26 09:18 -0700
Re: get hexadecimal hash string for a number markspace <-@.> - 2012-09-21 10:56 -0700
Re: get hexadecimal hash string for a number Magnus Warker <warker@mailinator.com> - 2012-09-26 06:12 +0200
Re: get hexadecimal hash string for a number Arne Vajhøj <arne@vajhoej.dk> - 2012-09-23 20:57 -0400
Page 2 of 2 — ← Prev page 1 [2]
| From | Leif Roar Moldskred <leifm@dimnakorr.com> |
|---|---|
| Date | 2012-09-19 01:06 -0500 |
| Message-ID | <rMWdnZ03LrFO_cTNnZ2dnUVZ8vGdnZ2d@giganews.com> |
| In reply to | #18821 |
Magnus Warker <magnux@mailinator.com> wrote: > Hi, > > I want users to register on a site and send confirmation emails to them. > These emails should contain a link like this: > > http://myurl?registration=E4AC4BD4 > > Here, "E4AC4BD4" should be a unique string. My idea for such a string is > just to hash an integer, i. e. the internal database key for the > registration record. What technologies are you using to build your website with? Check if there is built-in support for this functionality. -- Leif Roar Moldskred
[toc] | [prev] | [next] | [standalone]
| From | rossum <rossum48@coldmail.com> |
|---|---|
| Date | 2012-09-19 17:34 +0100 |
| Message-ID | <rjsj5819nsu0b14umojnd9bje44u7ttcae@4ax.com> |
| In reply to | #18821 |
On Tue, 18 Sep 2012 18:25:12 +0200, Magnus Warker <magnux@mailinator.com> wrote: >Hi, > >I want users to register on a site and send confirmation emails to them. >These emails should contain a link like this: > >http://myurl?registration=E4AC4BD4 > >Here, "E4AC4BD4" should be a unique string. My idea for such a string is >just to hash an integer, i. e. the internal database key for the >registration record. > >However, I actually don't know how to get such a hash. I tried BCrypt, >but this produces hashes built out of characters that I would not want >to be in a URL, e. g. commatas and that. > >I would like to have a string like this: > >- hexadecimal only >- fixed size, e. g. always n characters, independend of the integer > >Can you help? > >Thank you! > >Magnus As has been pointed out, integers are already unique. Just decide on a large enough fixed size and zero pad the small numbers: 0000000000001 If you want to disguise the actual number you are using, which is what I take your mention of "hash" to mean, then you need an encryption. Each unique input gives a unique output. It has to be unique, otherwise you couldn't decrypt it reliably. For 64 bit numbers, just use DES and encrypt the numbers 0, 1, 2, 3, ... n in turn. For 128 bits use AES. If you want to use a size other than 64 or 128 bits then have a look at Hasty Pudding cypher, which can be set for any desired bit size. Again, you will need to be sure that your chosen bit size will acommodate enough users, with plenty to spare for keeping the gaps numerous enough. rossum
[toc] | [prev] | [next] | [standalone]
| From | Magnus Warker <warker@mailinator.com> |
|---|---|
| Date | 2012-09-20 11:30 +0200 |
| Message-ID | <k3enr5$idj$1@news.albasani.net> |
| In reply to | #18851 |
> As has been pointed out, integers are already unique. Just decide on > a large enough fixed size and zero pad the small numbers: > 0000000000001 > If you want to disguise the actual number you are using, which is what > I take your mention of "hash" to mean, then you need an encryption. > Each unique input gives a unique output. It has to be unique, > otherwise you couldn't decrypt it reliably. What about Kevin's posting? He noted that encrypting sequential numbers would reveal the encryption key? > For 64 bit numbers, just use DES and encrypt the numbers 0, 1, 2, 3, > ... n in turn. For 128 bits use AES. Could you please explain this? I haven't used encryption in Java, but I would expect that the encryption method should be independend of the size of the data to encrypt? > Again, you will need to be sure that your chosen bit size will > acommodate enough users, with plenty to spare for keeping the gaps > numerous enough. Well, I would simply choose the size of SQL standard integer (64)... Magnus -- This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.
[toc] | [prev] | [next] | [standalone]
| From | rossum <rossum48@coldmail.com> |
|---|---|
| Date | 2012-09-21 12:48 +0100 |
| Message-ID | <l6ko58ddes7ssnhomoh86u68m6eat339ie@4ax.com> |
| In reply to | #18859 |
On Thu, 20 Sep 2012 11:30:26 +0200, Magnus Warker <warker@mailinator.com> wrote: >> As has been pointed out, integers are already unique. Just decide on >> a large enough fixed size and zero pad the small numbers: >> 0000000000001 > >> If you want to disguise the actual number you are using, which is what >> I take your mention of "hash" to mean, then you need an encryption. >> Each unique input gives a unique output. It has to be unique, >> otherwise you couldn't decrypt it reliably. > >What about Kevin's posting? He noted that encrypting sequential numbers >would reveal the encryption key? Not with a secure encryption scheme. Knowing the plaintext gives a 'known plaintext attack'. Both DES and AES can resist known plaintext attacks. > >> For 64 bit numbers, just use DES and encrypt the numbers 0, 1, 2, 3, >> ... n in turn. For 128 bits use AES. > >Could you please explain this? I haven't used encryption in Java, but I >would expect that the encryption method should be independend of the >size of the data to encrypt? DES and AES are block cyphers. DES uses a 64 bit block while AES uses a 128 bit block. Any plaintext is padded to the next block and the resulting cyphertext is always an exact number of blocks. If you are encrypting 64 bit numbers, then use DES with no padding (since you already have a full block). If you used AES for a 64 bit input then you would get a 128 bit output. You could truncate it, but then there is no guarantee of uniqueness. A block cypher is a keyed one-to-one mapping between blocks, or is can be seen as a keyed permutation of blocks. For variable sized cyphertext output you would need a stream cypher. However, I would not suggest that as you will need a different key/nonce for every number that you encrypt. Reusing a key/nonce is a big mistake when using stream cyphers. Hasty Pudding cypher can be used with different block sizes, though it is not common in crypto libraries. DES and AES are present in all crypto libraries. > >> Again, you will need to be sure that your chosen bit size will >> acommodate enough users, with plenty to spare for keeping the gaps >> numerous enough. > >Well, I would simply choose the size of SQL standard integer (64)... > >Magnus
[toc] | [prev] | [next] | [standalone]
| From | Lew <lewbloch@gmail.com> |
|---|---|
| Date | 2012-09-21 10:15 -0700 |
| Message-ID | <1a980c9d-adfc-4411-aa84-08d3e912af28@googlegroups.com> |
| In reply to | #18875 |
rossum wrote: > Magnus Warker wrote: >> What about Kevin's posting? He noted that encrypting sequential numbers >> would reveal the encryption key? > > Not with a secure encryption scheme. Knowing the plaintext gives a > 'known plaintext attack'. Both DES and AES can resist known plaintext > attacks. > >> Could you please explain this? I haven't used encryption in Java, but I >> would expect that the encryption method should be independend of the >> size of the data to encrypt? > DES and AES are block cyphers. DES uses a 64 bit block while AES uses > a 128 bit block. Any plaintext is padded to the next block and the > resulting cyphertext is always an exact number of blocks. If you are > encrypting 64 bit numbers, then use DES with no padding (since you > already have a full block). If you used AES for a 64 bit input then > you would get a 128 bit output. You could truncate it, but then there > is no guarantee of uniqueness. A block cypher is a keyed one-to-one > mapping between blocks, or is can be seen as a keyed permutation of > blocks. > > For variable sized cyphertext output you would need a stream cypher. > However, I would not suggest that as you will need a different > key/nonce for every number that you encrypt. Reusing a key/nonce is a > big mistake when using stream cyphers. > > Hasty Pudding cypher can be used with different block sizes, though it > is not common in crypto libraries. DES and AES are present in all > crypto libraries. Magnus, you need to understand how Usenet works. You are not going to learn all about cryptography by asking here. Best people here can do for you is point you to research areas. If you aren't googling like crazy over every keyword rossum fed you, then you are missing all the value offered. Study. Don't expect to be spoon-fed everything you need to know, especially not here. -- Lew
[toc] | [prev] | [next] | [standalone]
| From | Magnus Warker <warker@mailinator.com> |
|---|---|
| Date | 2012-09-26 06:11 +0200 |
| Message-ID | <k3tvd3$21s$1@news.albasani.net> |
| In reply to | #18882 |
On 09/21/2012 07:15 PM, Lew wrote: > rossum wrote: >> Magnus Warker wrote: >> Hasty Pudding cypher can be used with different block sizes, though it >> is not common in crypto libraries. DES and AES are present in all >> crypto libraries. > > Magnus, you need to understand how Usenet works. Lew, when looking at your posts it seems that you don't understand what Usenet is for. I want to talk, you just want to flame. It seems that you have serious problems with yourself. PLONK! Magnus -- This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.
[toc] | [prev] | [next] | [standalone]
| From | Arne Vajhøj <arne@vajhoej.dk> |
|---|---|
| Date | 2012-09-26 09:29 -0400 |
| Message-ID | <50630334$0$283$14726298@news.sunsite.dk> |
| In reply to | #18937 |
On 9/26/2012 12:11 AM, Magnus Warker wrote: > On 09/21/2012 07:15 PM, Lew wrote: >> rossum wrote: >>> Magnus Warker wrote: > >>> Hasty Pudding cypher can be used with different block sizes, though it >>> is not common in crypto libraries. DES and AES are present in all >>> crypto libraries. >> >> Magnus, you need to understand how Usenet works. > > Lew, when looking at your posts it seems that you don't understand what > Usenet is for. I want to talk, you just want to flame. It seems that you > have serious problems with yourself. > > PLONK! I suggest reconsidering. Lew has a special style of communication. But even though it can sound harsh, then in most cases there are a very valid point in the message. Arne
[toc] | [prev] | [next] | [standalone]
| From | Gene Wirchenko <genew@ocis.net> |
|---|---|
| Date | 2012-09-26 09:18 -0700 |
| Message-ID | <vga668dusa913ol6a8si21dkk0rb8t5kui@4ax.com> |
| In reply to | #18944 |
On Wed, 26 Sep 2012 09:29:20 -0400, Arne Vajhøj <arne@vajhoej.dk>
wrote:
>On 9/26/2012 12:11 AM, Magnus Warker wrote:
>> On 09/21/2012 07:15 PM, Lew wrote:
>>> rossum wrote:
>>>> Magnus Warker wrote:
>>
>>>> Hasty Pudding cypher can be used with different block sizes, though it
>>>> is not common in crypto libraries. DES and AES are present in all
>>>> crypto libraries.
>>>
>>> Magnus, you need to understand how Usenet works.
>>
>> Lew, when looking at your posts it seems that you don't understand what
>> Usenet is for. I want to talk, you just want to flame. It seems that you
>> have serious problems with yourself.
>>
>> PLONK!
>
>I suggest reconsidering.
>
>Lew has a special style of communication.
Yes, and Magnus seems to have covered it nicely.
>But even though it can sound harsh, then in most cases
>there are a very valid point in the message.
It *is* harsh. There often is a valid point, but it can be
difficult telling what it is at times as antagonistic communication
tends to have details dropped out. Some posts, I have been glad that
I was not the one with the problem, because I would not be able to do
much with Lew's answer.
I have considering killfiling him myself.
Sincerely,
Gene Wirchenko
[toc] | [prev] | [next] | [standalone]
| From | markspace <-@.> |
|---|---|
| Date | 2012-09-21 10:56 -0700 |
| Message-ID | <k3i9ou$a9m$1@dont-email.me> |
| In reply to | #18859 |
On 9/20/2012 2:30 AM, Magnus Warker wrote: > >> For 64 bit numbers, just use DES and encrypt the numbers 0, 1, 2, 3, >> ... n in turn. For 128 bits use AES. > > Could you please explain this? I haven't used encryption in Java, but I > would expect that the encryption method should be independend of the > size of the data to encrypt? > It's really too complicated to do here. C.f.: <http://www.wrox.com/WileyCDA/WroxTitle/Beginning-Cryptography-with-Java.productCd-0764596330.html> That is a really good book on using the crypto package in Java for anyone, beginner or advanced, btw. Two thumbs up from me. If you are 100% conversant with Java's cryptography, get that book, it will teach you something.
[toc] | [prev] | [next] | [standalone]
| From | Magnus Warker <warker@mailinator.com> |
|---|---|
| Date | 2012-09-26 06:12 +0200 |
| Message-ID | <k3tveg$21s$2@news.albasani.net> |
| In reply to | #18888 |
On 09/21/2012 07:56 PM, markspace wrote: > On 9/20/2012 2:30 AM, Magnus Warker wrote: > <http://www.wrox.com/WileyCDA/WroxTitle/Beginning-Cryptography-with-Java.productCd-0764596330.html> Thanks! -- This is Unix-Land. In quiet nights, you can hear the Windows machines reboot.
[toc] | [prev] | [next] | [standalone]
| From | Arne Vajhøj <arne@vajhoej.dk> |
|---|---|
| Date | 2012-09-23 20:57 -0400 |
| Message-ID | <505faff7$0$285$14726298@news.sunsite.dk> |
| In reply to | #18859 |
On 9/20/2012 5:30 AM, Magnus Warker wrote: >> As has been pointed out, integers are already unique. Just decide on >> a large enough fixed size and zero pad the small numbers: >> 0000000000001 > >> If you want to disguise the actual number you are using, which is what >> I take your mention of "hash" to mean, then you need an encryption. >> Each unique input gives a unique output. It has to be unique, >> otherwise you couldn't decrypt it reliably. > > What about Kevin's posting? He noted that encrypting sequential numbers > would reveal the encryption key? That type of attack is called a known plaintext attack. The most common symmetric encryption algorithm AES should not be vulnerable to that. But as previous stated then I only consider that second best solution. >> For 64 bit numbers, just use DES and encrypt the numbers 0, 1, 2, 3, >> ... n in turn. For 128 bits use AES. > > Could you please explain this? I haven't used encryption in Java, but I > would expect that the encryption method should be independend of the > size of the data to encrypt? DES operates on 8 byte blocks and AES on 16 byte blocks. For data that is not a multipla of that padding is required. But I would suggest AES and padding. >> Again, you will need to be sure that your chosen bit size will >> acommodate enough users, with plenty to spare for keeping the gaps >> numerous enough. > > Well, I would simply choose the size of SQL standard integer (64)... In many databases INTEGER is only 32 bit. 64 bit is called BIGINT or something similar. Arne
[toc] | [prev] | [standalone]
Page 2 of 2 — ← Prev page 1 [2]
Back to top | Article view | comp.lang.java.programmer
csiph-web