引脚生成 [英] Pin Generation

查看:196
本文介绍了引脚生成的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我希望开发一个系统,其中我需要为每个用户分配一个唯一的pin代码的安全性。用户将只输入此PIN码作为识别自己的方法。因此,我不想让用户能够猜测另一个用户的pincode。假设我将拥有的最大用户是100000,这个PIN码应该多长时间?



例如。 1234 4532 3423



我应该通过某种算法生成这个代码吗?或者应该随机生成它吗?



基本上我不希望人们猜测别人的pincode,它应该支持足够数量的用户。



对不起,如果我的问题听起来有点混乱,但会很乐意澄清任何疑问。



非常感谢。



UPDATE



阅读下面的所有帖子后,我想补充一些细节。 / p>


  1. 我想要实现的是一个非常类似于刮卡的东西。

  2. 给用户一张卡片,他/她必须抓住卡片才能找到PIN码。

  3. 现在使用此PIN码,用户必须能够访问我的系统。

不能添加额外的安全性(例如用户名和密码),因为这将阻止用户使用刮卡。我想让它尽可能难以在限制内猜出pincode。



谢谢你所有的惊人的回复。

解决方案

如果我们假设最多100,000个用户,那么他们可以有唯一的PINs与0-99,999即。 5位数字。



但是,这样可以更容易地猜出具有最大用户数的PIN。
如果您可以限制PIN的尝试次数,那么您可以使用较短的PIN。
eg。每天每个IP最多可以尝试10次失败。



这也取决于你所保护的价值,以及如果奇怪的情况发生,那将是多么灾难性的。



如果您想要保持简短或12位数字,如果您想要自动猜测更安全,我会使用9位数字。



要生成PIN,我会采用高分辨率版本的时间,以及一些 salt ,也许是一个伪随机数,生成散列,并使用前9或12个数字。确保新的PIN代之间有合理和随机的延迟,不要在循环中生成,并尽可能使用户启动。



例如。左(Sha1(DateTime + Salt + PseudoRandom),9)


I am looking to develop a system in which i need to assign every user a unique pin code for security. The user will only enter this pin code as a means of identifying himself. Thus i dont want the user to be able to guess another users pincode. Assuming the max users i will have is 100000, how long should this pin code be?

e.g. 1234 4532 3423

Should i generate this code via some sort of algorithm? Or should i randomly generate it?

Basically I dont want people to be able to guess other peoples pincode and it should support enough number of users.

Am sorry if my question sounds a bit confusing but would gladly clarify any doubts.

thank you very much.

UPDATE

After reading all the posts below, I would like to add some more detail.

  1. What i am trying to achieve is something very similar to a scratch card.
  2. A user is given a card, which he/she must scratch to find the pin code.
  3. Now using this pin code the user must be able to access my system.

I cannot add extra security (e.g. username and password), as then it will deter the user from using the scratch card. I want to make it as difficult as possible to guess the pincode within the limitations.

thankyou all for your amazing replies again.

解决方案

If we assume 100,000 users maximum then they can have unique PINs with 0-99,999 ie. 5 digits.

However, this would make it easier to guess the PINs with the maximum number of users. If you can restrict the number of attempts on the PIN then you can have a shorter PIN. eg. maximum of 10 failed attempts per IP per day.

It also depends on the value of what you are protecting and how catastrophic it would be if the odd one did get out.

I'd go for 9 digits if you want to keep it short or 12 digits if you want a bit more security from automated guessing.

To generate the PINs, I would take a high resolution version of the time along with some salt and maybe a pseudo-random number, generate a hash and use the first 9 or 12 digits. Make sure there is a reasonable and random delay between new PIN generations so don't generate them in a loop, and if possible make them user initiated.

eg. Left(Sha1(DateTime + Salt + PseudoRandom),9)

这篇关于引脚生成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆