Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Ideas to create a small (<10 digits), not (very) secure "hash"

Tags:

encode

hash

encryption

checksum

I'm working on an online event ticketing system, where users will be able to self print his tickets and show up at the event where it will be scanned (barcode) and ideally the person will get in. My problem is how to create a "ticket code" that fulfills the following requirements:

  • each "ticket code" need to be sufficiently different from each other (ie not sequentially numbered)
  • ideally the ticket will be checked against a central DB to prevent reuse, but it NEEDS to be able to work off line too, in which case the system has to check for a "valid" ticket code and that it has not been used in this gate.
  • the "ticket code" has to be small enough to facilitate keying it if needed
  • the ticket holder would only need the ticket to get in (ie no ID check)

The range of the data is very small, there will only be about 20 events over 4 days with about 5,000 tickets per event (about 100,000 different ticket codes)

Now I have several fields that are not printed on the ticket and not known to the user that I can use to encode part of the "ticket code", so I could use the EventId, OrderId, EventDate and some salt to create a small "hash" for part of the code (ideas?), but I'm still stuck with the ticket id that is sequential or a GUID (would be too long)

So any ideas or pointers on how to do this?

like image 425
Jaime Avatar asked May 21 '09 00:05

Jaime

People also ask

What makes a hash secure?

Cryptographic hash functions are utilized in order to keep data secured by providing three fundamental safety characteristics: pre-image resistance, second pre-image resistance, and collision resistance.

What hash is most secure?

Common attacks like brute force attacks can take years or even decades to crack the hash digest, so SHA-2 is considered the most secure hash algorithm.

What can I use instead of MD5?

Probably the one most commonly used is SHA-256, which the National Institute of Standards and Technology (NIST) recommends using instead of MD5 or SHA-1. The SHA-256 algorithm returns hash value of 256-bits, or 64 hexadecimal digits.

What is the simplest hash function?

Simple hash functionsh(k) = k mod m. Works badly for many types of patterns in the input data. Knuth Variant on Division h(k) = k(k+3) mod m. Supposedly works much better than the raw division method. Multiplication Method (Cormen).

4 Answers

Why reinvent the wheel? Just do something like this (Python Code, ask me if you need clarification):

import hashlib

secretpassword = "blah"

def createticket(eventnum, ticketnum):
    m = hashlib.md5() # or any crypto hash you like
    m.update("%s%s%s" % (eventnum, ticketnum, secretpassword))
    return m.hexdigest()[:10]

Example:

Event Number 1

Ticket Number 123

createticket(1,123)
# output: 2d7f242597

Mr ticketman comes around with his verifier and enters in the event/ticket number and the hash:

def verifier(eventnum, ticketnum, hash):
    return hash == createticket(eventnum, ticketnum)

verifier(1,123, "2d7f242597")
# ouput: True
like image 119
Unknown Avatar answered Sep 29 '22 13:09

Unknown

I suggest you give the Verhoeff algorithm a try.

like image 33
Alix Axel Avatar answered Sep 29 '22 13:09

Alix Axel

Two ways I can see:

  1. Generate a random number, or at least a random part for a number, and store it in a central database. Then download the database into all the gate systems to check against.
  2. The number has to be self-sufficient. In other words, the number has to be able to check out without the saved list. This sounds like some kind of checksum system. For instance, you could issue numbers from 1 and upwards, make them 5 digits (00000-99999 = 100.000 numbers), and prepende 1-3 letters, making sure you end up with a checksum that would check out.
like image 45
Lasse V. Karlsen Avatar answered Sep 29 '22 12:09

Lasse V. Karlsen

Consider a very simple scheme based on a Feistel network to permute, say, the ticket ID number. This message (which happens to be on the PostgreSQL lists but doesn't really have much to do with PostgreSQL) describes a simple Feistel network. On each ticket you could print a ticket ID number (sequentially chosen), then a "ticket secret code" that's the result of putting the ID number through a Feistel network. Possible variations include appending a check digit to the secret code, and basing the input to the Feistel network on more than just the sequentially generated number (number + 10,000 * event ID number, et cetera).

like image 30
kquinn Avatar answered Sep 29 '22 11:09

kquinn
Sign in to Comment

Related questions

Python: Two-way Alphanumeric Encryption
No Java folder located in Library despite JDK installation
Encrypt/decrypt with XOR in PHP
Simple JavaScript encryption & decryption without using key
OpenSSL, decrypting with a private key
php error: The Encrypt library requires the Mcrypt extension in codeigniter
Different encryption results between platforms, using OpenSSL
Diffie-Hellman (to RC4) with Wincrypt From Python
GDPR: Encrypted logging in C#
AES difference between iPhone (Objective-c) and Java
encrypt SQL connectionstring c#
Are git push and pulls encrypted?
How to implement Java 256-bit AES encryption with CBC
Secure encrypted database design
PKI multiple public keys
IOS - How do I AES decrypt a large file if the file is too large to load all of it into memory?
SOAPUI Certificate authentication
Full text search on encrypted data
Java Bouncy Castle Cryptography - Encrypt with AES
Encryption with RSA public key on iOS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!