SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    MCrypt Collision Probability

    I am trying to create a unique encryption using the following code:

    PHP Code:
    $td mcrypt_module_open('tripledes''''ecb''');
    $iv mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td$key$iv);
    $encrypted mcrypt_generic($td$data);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td); 
    The $data being passed in looks like... "||12-94||" - The numbers will be be changing and will potentially range from 2-8 digits each.

    I realize you can never say never in terms of collisions, but what kind of odds am I looking at? These hashes values are then base64_encoded and use in URLs for tracking, so being unique is paramount, is there a better way to achieve this that wont suffer from possible collisions?

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    What you are doing is not hashing, its encryption which can then be decrypted. Collisions is not something you have to worry about when encrypting. Because unlike hashing the data is never really gone.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Member
    Join Date
    Sep 2008
    Posts
    24
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What your saying makes sense, but just to be completely clear, there is no possibility for collision when encrypting?

    Also, any opinions on doing something like...
    PHP Code:
    $data base64_encode('||1221-15252||');

    $translated str_replace('='''strtr(base64_encode($data), '+/''-_')) . 'aAn'
    and then on the flip side

    PHP Code:
    $decoded base64_decode(strtr(substr($translated0, -3), '-_''+/')); 
    It seems like its still "never gone" similar to encryption, but it doesnt require mcrypt and it just tacks on something extra to the end to confuse anyone that would attempt a base64_decode()

  4. #4
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If these numbers need to be protected, you could also consider just never putting them out in the wild. Each combination of numbers could just be stored in a private database, and let the database generate an integer id. This could be safer unless you think someone may be able to predict sequences.

  5. #5
    SitePoint Addict
    Join Date
    Apr 2009
    Posts
    248
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by WildFoxMedia View Post
    What your saying makes sense, but just to be completely clear, there is no possibility for collision when encrypting?

    Also, any opinions on doing something like...
    PHP Code:
    $data base64_encode('||1221-15252||');

    $translated str_replace('='''strtr(base64_encode($data), '+/''-_')) . 'aAn'
    and then on the flip side

    PHP Code:
    $decoded base64_decode(strtr(substr($translated0, -3), '-_''+/')); 
    It seems like its still "never gone" similar to encryption, but it doesnt require mcrypt and it just tacks on something extra to the end to confuse anyone that would attempt a base64_decode()
    I don't think you really understand how Base64 works. Adding "aAn" onto the end of the string doesn't meant that when you B64 Decode you're going to get something different: you're just going to get the string with "aAn" on the end of it.

    As for your question on collisions: you have a 10^8th chance of a collision, because that's the maximum size of your dataset. As long as the starting data is unique, the ending data will be unique.

    I'm going to second the idea of locking the values in question in a database, though. Note that you'll need to properly secure yourself against SQL injection or you're right back where you started in all this.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •