可读的GUID [英] Human Readable GUID

问题描述

我正在编写一个小型系统，通过生成可以在我们的网站上兑换MP3的代金券，使我能够以演出的形式出售乐队的音乐.

I'm writing a small system that will allow me to sell my band's music at gigs by generating vouchers that can be redeemed for MP3s at our website.

优惠券将需要用户输入的代码.该代码必须具有以下特征:

The vouchers will need a code that the user types in. The code needs to have the following qualities:

1. 在长度和内容方面达到一定程度的人类可读性，以防止用户感到沮丧和数据输入错误.
2. 给出一个优惠券代码，而不是简单地猜测另一个优惠券代码.

如果我使用GUID，则我担心点1.如果我使用递增整数，则我担心点2.之间必须有一些快乐的媒介，对吗?我认为也许这项工作已经完成，并且有一个理想的解决方案在等着我.如果没有这种情况，我想我将使用一个随机的字母数字字符串，或者可能仅使用字母(为清楚起见，不包括I和O)，并且使应用程序阻止IP地址失败X次，这表明可能的暴力攻击.如果我这样做了，那么字符串的长度和X的值将起作用，为什么?

If I use GUIDs I'm concerned about point 1. If I use an incrementing integer I'm concerned about point 2. There has to be some happy medium in between, right? I thought perhaps this work has already been done and there's an ideal solution waiting out there for me. In the absence of that, I'm thinking I'll go with a random alphanumeric string, or possibly letters only (excluding I and O for clarity), and have the application block IP addresses that fail X number of times, which would indicate a possible brute force attack. If I went with that, how long of a string and what value of X would work, and why?

感谢您的帮助！

更新:我对这种方法并不十分清楚:我将生成用于打印的凭证代码列表，然后在演出后输入已出售"代码.因此，我认为像校验和这样的元素不是必需的，就像它们在不使用验证服务器的软件密钥中一样.

Update: I wasn't totally explicit about the method: I will generate lists of voucher codes for printing, then enter the "sold" codes after a gig. Therefore I think elements like a checksum are not necessary like they are in software keys that don't use validation servers.

推荐答案

只有8个字母数字字母(I和O除外)具有1785793904896可能的组合.只要您没有50亿张优惠券，这对于所有目的和目的都是不可猜测的.

Only 8 alphanumeric letters (except I and O) have 1785793904896 possible combinations. That's for all intent and purposes unguessable as long as you don't have 5 billions vouchers.

这篇关于可读的GUID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！