One-way permutation in ASP?

[Mike]

Hello all,

I'm looking for a free method to apply a one-way encryption to a 64-bit
value in an ASP script. Does anyone have any links to existing code or at
least a process that I can follow to develop it myself?

Thanks!

 

[Dave Anderson]

I'm looking for a free method to apply a one-way encryption
to a 64-bit value in an ASP script. Does anyone have any
links to existing code or at least a process that I can
follow to develop it myself?

[val%2] is a one-way hash, but I suppose you want to map onto a bit larger
space.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Mike]

I'm looking for a free method to apply a one-way encryption
to a 64-bit value in an ASP script. Does anyone have any
links to existing code or at least a process that I can
follow to develop it myself?

[val%2] is a one-way hash, but I suppose you want to map onto a bit larger
space.

I should have been a bit more specific... I want to take my 64 bit value and
apply a process to it that will yield a unique value that cannot be easily
reversed back to the original value.

I will have a database with 13000 unique 64-bit identifiers, but those
identifiers have been deemed mildly sensitive by a higher power. Now, I
would rather have a database with 13000 non-sensitive unique identifiers,
each of which can be obtained by applying a process to the original
sensitive identifier. Thus if my server is compromised (or the server of a
third party that will host the same data) I won't have to worry about the
revelation of these identifiers (not SS numbers BTW).

I found several links in the ASP FAQ, but nothing free that meets this
requirement. I might just have to pay or move on to Linux, but I was
checking first.

 

[Dave Anderson]

I should have been a bit more specific... I want to take my 64
bit value and apply a process to it that will yield a unique
value that cannot be easily reversed back to the original value.

"One-way" permutations cannot be inverted at all, much less easily. And
uniqueness implies invertibility. You have to choose between uniqueness and
non-invertibility.

I will have a database with 13000 unique 64-bit identifiers,
but those identifiers have been deemed mildly sensitive by a
higher power. Now, I would rather have a database with 13000
non-sensitive unique identifiers, each of which can be
obtained by applying a process to the original sensitive
identifier. Thus if my server is compromised (or the server
of a third party that will host the same data) I won't have
to worry about the revelation of these identifiers (not SS
numbers BTW).

I found several links in the ASP FAQ, but nothing free that
meets this requirement. I might just have to pay or move on
to Linux, but I was checking first.

This one is only $30:
http://www.sewelld.com/SecureHashAlgorithm.asp


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Shailesh Humbad]

MD5 and SHA1 are one-way hash functions (permutation is not quite the
right word). SHA1 is better than MD5. By applying the function to your
data, you get a resulting value that is highly unique, a signature. It
is also computationally infeasible to recover the original data from the
hash value.

Some free implementations in ASP are here:

http://www.frez.co.uk/freecode.htm

Free Javascript implementations are here:

http://pajhome.org.uk/crypt/md5/index.html

Shailesh

 

[Mike]

I like that solution and it met all of my requirements! However, I just
found another requirement from the third party... 44 characters max for the
identifier. The unique identifier produced by the code is 64 characters...
Arrrrrghhh...

I'll work on the third party.

MD5 meets all of the criteria (I was basing the above on SHA), Thanks again!

 

[Mark Schupp]

I get the impression from other messages in this thread that the resultant
value must be "guaranteed" unique. Perhaps the original poster can clarify.
Will the resulting value be used to look up specific records in a table?
Must the value be unique?

--
Mark Schupp
--
Head of Development
Integrity eLearning
Online Learning Solutions Provider
(e-mail address removed)
http://www.ielearning.com
714.637.9480 x17

MD5 and SHA1 are one-way hash functions (permutation is not quite the
right word). SHA1 is better than MD5. By applying the function to your
data, you get a resulting value that is highly unique, a signature. It
is also computationally infeasible to recover the original data from the
hash value.

Some free implementations in ASP are here:

http://www.frez.co.uk/freecode.htm

Free Javascript implementations are here:

http://pajhome.org.uk/crypt/md5/index.html

Shailesh

 

[Shailesh Humbad]

SHA-256 produces a 256 bit hash value. Hexadecimal represents 4 bits
per character, so the value needs 256/4 = 64 characters of space.
However, a character can actually hold 8 bits (or 16 bits if Unicode),
so if you store the hash value in binary form, it can fit in 256/8 = 32
'characters' or bytes of space. If your third party does not require
the identifier to be readable/typable by an end-user, then you can just
store the hash value in binary using 32 bytes/characters of space. BTW,
if you use SHA-1, you get a 160 bit hash value, which only takes up 40
characters of space even in hexadecimal form.

Shailesh