Unique code for every user

Arne Vajhøj

Arne said:
This problem is very similar to session id in secured web applications.

Based on that I will suggest:
- hash the sequential key
- store the hash value server side and lookup based on that

Hashes are designed to make it difficult to go from hash to
original value.

Note though that both hashing and the symmetric key ciphers
are painfully vulnerable to brute force attack if the algorithm
is known.

It does not take long to hash or encrypt all values 0-999999999,
find one's own obfuscated id and apply the algorithm to the next.

As an absolute minimum you should pick the ids randomly.

Arne
 
Arne Vajhøj

Ross said:
I interpreted the original post to mean that the long number created
should incorporate the original transaction number in such a way that
it can be extracted.

Yes.

But that can be worked around by storing the generated value
in the database.

Arne
 
Tom Anderson

Note though that both hashing and the symmetric key ciphers
are painfully vulnerable to brute force attack if the algorithm
is known.

It does not take long to hash or encrypt all values 0-999999999,
find one's own obfuscated id and apply the algorithm to the next.

A little bit of salt will deal with that nicely.

tom
 
Arne Vajhøj

Tom said:
A little bit of salt will deal with that nicely.

Only if it is secret.

And if the algorithm is known then the salt may very likely
be known as well.

Arne
 
