Re: get hexadecimal hash string for a number
On 9/19/2012 2:27 AM, Magnus Warker wrote:
On 09/19/2012 01:58 AM, Arne Vajhøj wrote:
The correct approach is to use a cryptographically secure
RNG to generate a number of random bytes.
What about encrypting the database key?
That relies on the key being kept secret.
In many cases this is a necessary requirement, but not
in this case, so I would say that it is second best option.
And since Java UUID does provide a way to generate using
a cryptographically secure RNG as markspace pointed out, then
it is even simpler to code than I expected (not that SecureRandom
is that hard to use in the first place).
Being slightly paranoid I will recommend generating
maybe 100 bytes and do a SHA-256 of that just to
protect against weaknesses.
If we are paranoid, we should also remember the uniqueness requirement.
"Random" could be a problem here.
If you make the column unique in the database then you will get an error
inserting and can then just pick another.
It will happen on average 1 out of some billion/trillion years, so
I think you can live with that.
It does not cost much coding or many resources runtime, so
I can not see any reason to not do it the right way.
I am sure that your approach will do the job. Thanks!
But I would like to know if encrypting the database key would also be
ok. Can we encrypt it and also ensure a fixed-length hex value?
You can sure pad and encrypt.
But as explained above then I think it is just the second best
option.
Arne
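
The approach described in this message (bytes from a cryptographically secure RNG, SHA-256 over them, fixed-length hex output, and a retry when the unique column rejects a duplicate), as an added example that is not part of the original post. The class name, the method names and the in-memory Set standing in for the unique database column are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;

public class RandomHexId {
    private static final SecureRandom RNG = new SecureRandom();

    // 100 bytes from the CSPRNG, hashed with SHA-256: always 64 hex characters.
    static String newId() throws NoSuchAlgorithmException {
        byte[] seed = new byte[100];
        RNG.nextBytes(seed);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(seed);
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b)); // two lowercase hex digits per byte
        }
        return hex.toString();
    }

    // Stand-in for the UNIQUE column (assumption): Set.add returns false on a
    // duplicate, where a real database would reject the INSERT with an error.
    static String insertWithRetry(Set<String> uniqueColumn, int maxAttempts)
            throws NoSuchAlgorithmException {
        for (int attempt = 0; attempt < maxAttempts; attempt++) {
            String id = newId();
            if (uniqueColumn.add(id)) {
                return id; // stored; the value is unique in the column
            }
            // collision: pick another value and try again
        }
        throw new IllegalStateException("no unique id after " + maxAttempts + " attempts");
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Set<String> uniqueColumn = new HashSet<>();
        for (int i = 0; i < 3; i++) {
            System.out.println(insertWithRetry(uniqueColumn, 5));
        }
        // The UUID route mentioned in the thread: randomUUID() draws from a
        // cryptographically strong generator; 32 hex characters, 122 random bits.
        System.out.println(UUID.randomUUID().toString().replace("-", ""));
    }
}
```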