A
Arne Vajhøj
Arne said:This problem is very similar to session id in secured web applications.
Based on that I will suggest:
- hash the sequential key
- store the hash value server side and lookup based on that
Hashes is designed to make it difficult to go from hash to
original value.
Note though that both hashing and the symmetric key ciphers
are painfully vulnerable to brute force attack if the algorithm
is known.
It does not take long to hash or encrypt all values 0-999999999
find ones own obfuscated id and apply the algorithm to the next.
As an absolute minimum you should pick the id's randomly.
Arne