Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to calculate a short fixed length obfuscated ID similar to YouTube (e.g. 2WNrx2jq184)

Tags:

python

encoding

encryption

google-app-engine

Each user object in my database has an incremental ID (1, 2, 3, ...). The URL to view a user's profile contains the ID of the user object; e.g. http://www.example.com/users/1. This way everyone can see how many users there are on the website, how fast the userbase is growing etc. I don't want to give that information away.

I would like to convert the incremental ID to a fixed length string in Base58 format, so the URL would look like http://www.example.com/users/2WNrx2jq184 Also, I need the reverse function that converts the string back to the original ID. The reverse function should not be easy to reverse engineer.

The best Python code I found for this purpose is https://github.com/JordanReiter/django-id-obfuscator. It is very good, but in some cases it adds a 0 and/or . character, which leads to strings that are not in Base58 and not of fixed length. (See utils.py lines 24 and 29.)

How can I improve django-id-obfuscator to result in fixed length base58 obfuscated IDs, or how can I create such obfuscated IDs in Python?

like image 315
Korneel Avatar asked Jun 15 '12 09:06

Korneel

2 Answers

If you want to properly do this, take your user ID, pad it with leading zeros, then encrypt it with something like AES and encode the result with base58. To get the ID back, just decode, decrypt and int() the result.

So for encryption:

>>> from Crypto.Cipher import AES
>>> import base64
>>> obj = AES.new('yoursecretkeyABC')
>>> x = base64.encodestring(obj.encrypt("%016d"%1))
>>> x
'tXDxMg1YGb1i0V29yCCBWg==\n'

and decryption

>>> int(obj.decrypt(base64.decodestring(x)))
1

If you can live with weak crypto, you could also simply xor the padded ID with a key:

>>> key = [33, 53, 2, 42]
>>> id = "%04d" % 1
>>> x = ''.join([chr(a^ord(b)) for a, b in zip(key, id)])
>>> x
'\x11\x052\x1b'
>>> int(''.join([chr(a^ord(b)) for a, b in zip(key, x)]))
1

But this is much less secure since you should never use the same OTP for multiple messages. Also make sure the key is the same length as your padded ID.

like image 185
mensi Avatar answered Sep 23 '22 00:09

mensi

This is an old Question that I stumbled upon. I recently found the hashids Library which solves this problem and is available for a wide range of programming languages:

http://hashids.org

like image 21
Tim Avatar answered Sep 19 '22 00:09

Tim
Sign in to Comment

Related questions

Python Walk, but Thread Lightly
Randomize chain from itertools
Reading a direct access fortran unformatted file in Python
django serialize foreign key objects
Get parents directories of a file, up to a point
Pythonic and concise way to construct this list?
How to write a python package
Python's random.shuffle limitation
Is there a trick to break on the print builtin with pdb?
Phrase corpus for sentimental analysis
Python loop delay without time.sleep()
What is causing dimension-dependent AttributeError in PIL fromarray function?
Parsing a list of words into a tree
Can we run multiple functions each with timeit in the same module
matplotlibs ginput() with undefined number of points
pyenchant can't find dictionary file on Mac OS X
Pairwise Testing Combination generator in Python
Django Middleware - How to edit the HTML of a Django Response object?
no access to GetCaptureProperty or any similar function in python opencv
Gevent monkey unpatch

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!