Which "good" block encryption algorithm has the shortest output?


Question

I would like to give customers a random-looking order number but use 0, 1, 2, ... in the backend. That way the customer gets a non-password-protected order status URL with the encrypted order number and they cannot look at other customers' order numbers by adding or subtracting 1. This might replace a scheme where random order keys are generated, checked for uniqueness among all the previous orders, and re-generated until unique. When the web server gets a request to view an order, it decrypts the order number and retrieves the order.

To keep the URL short, what "good" encryption algorithm has the shortest block size? Is this scheme a good idea? (What if I was encrypting Apple, Inc. employee ids to keep Steve Jobs from asking for Employee #0?)

Observe that all the package tracking websites allow you to track packages without authentication. It would be fine to limit the amount of information shown on the password-free order status page.

Recommended answer

Most block ciphers are going to use larger than 32-bit sized blocks, for security reasons.

However, I found one that is made specifically for what you are doing: Skip32

You may consider using a GUID, but perhaps you have reasons you want to avoid that. (Say, your app is done already.)

Edit:

Actually, if a GUID is permissible, then that gives you a range of 128 bits. You could easily use any other block cipher. The benefit to having a larger space (at the cost of long ID strings) is that you'll have much more protection from people guessing IDs. (Not that an order ID by itself should be a security token anyways...)
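The scheme discussed above, as an added example that is not part of the original question or answer and is not Skip32 itself: a generic 32-bit balanced Feistel network with an HMAC-SHA256 round function, which maps sequential backend ids to unique 8-character URL tokens and back without a uniqueness check. The key, the round count and all function names are assumptions of this example.

```python
import hashlib
import hmac

ROUNDS = 8  # assumption: round count picked for this example
KEY = b"constructed-demo-key"  # constructed sample key; load a real one from a secret store
HEX = set("0123456789abcdef")

def _f(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: 16-bit half block in, 16 bits out."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")

def encrypt_id(key: bytes, order_id: int) -> int:
    """Permute a sequential 32-bit backend id into a 32-bit public id."""
    if not 0 <= order_id < 2**32:
        raise ValueError("order id must fit in 32 bits")
    left, right = order_id >> 16, order_id & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 16) | right

def decrypt_id(key: bytes, public_id: int) -> int:
    """Invert encrypt_id by running the rounds backwards."""
    if not 0 <= public_id < 2**32:
        raise ValueError("public id must fit in 32 bits")
    left, right = public_id >> 16, public_id & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 16) | right

def to_token(key: bytes, order_id: int) -> str:
    """Fixed-length 8-character hex token for the order status URL."""
    return format(encrypt_id(key, order_id), "08x")

def from_token(key: bytes, token: str):
    """Return the backend id, or None unless token is 8 lowercase hex digits."""
    # int(..., 16) alone would also accept "0x", "_", signs and whitespace.
    if len(token) != 8 or not set(token) <= HEX:
        return None
    return decrypt_id(key, int(token, 16))

if __name__ == "__main__":
    for n in range(3):  # sequential backend ids -> unrelated-looking tokens
        print(n, to_token(KEY, n), from_token(KEY, to_token(KEY, n)))
```

Every well-formed token decrypts to some 32-bit number, so the order lookup still has to handle ids with no matching order, and with only 2^32 possible tokens the answer's point about guessing IDs applies.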
