Creating a strong unique user ID with PHP and MySQL

Ahoy Stack Overflow! This will be the first post ...

I am trying to identify users with a salty unique public key.

  • Algorithm. Should I use uniqid(), sha256, sha512, something else? All hashes will be salted. NIST recommended SHA256, but I prefer to hear what others have to offer.
  • Is generating hash(SALT + AUTO_INCREMENT_PK + CREATED_TIMESTAMP) enough? More entropy?
    • I would use email because it is unique to each user, however the user can change his email address. I also considered storing signup_email so that no hashes need to be recalculated.
  • MySQL repository. Currently, our identifier is an INT(255) auto_increment primary key. As stated earlier, there are potentially hundreds of millions of keys. Depending on the crypto algorithm, I should have a fixed-size ID. Can I save INT(255) or use CHAR(n)?

---------------------- Thanks for reading :) -------------------------------

+5
5 answers

One thing: if you do not trust users with your identifiers, sending them via GET or POST will not work; they are all visible to motivated users.


I would use SHA256 using the string salt.counter.time and use the output to generate the GUIDs for the actual id. This would minimize the likelihood of conflict.

CHAR MySQL GUID.

. http://us2.php.net/manual/en/function.uniqid.php . AFAIK GUID PHP, .

+5

- , "" , , ,

- ?


, - , ;-)
(, - - , )

(, 61350955-9755-4AF3-8C19-6DBC42CA69E2) ?
, , http://createguid.com/


GUID ; , ... , , / .

( , ) / , ; " " ?

+3

, 24 , id MongoDB ( ). .

<?php
/**
 * Generator for Mongo-like ObjectIds in pure PHP
 * Author: Mauricio Piacentini
 *
 * Inspired by https://github.com/justaprogrammer/ObjectId.js
 *
 */

class ObjectIdFactory
{   
    private $_datetime = null;
    private $_machine = null;
    private $_pid = null;
    private $_increment = null;

    public function __construct()
    {
        $this->_machine = str_pad(dechex(rand(0, 16777215)), 6, "0", STR_PAD_LEFT);
        $this->_pid = str_pad(dechex(rand(0, 32767)), 4, "0", STR_PAD_LEFT);
        $this->_increment = rand(0, 16777215);

        //We need a DateTime object to get timestamps, cache it
        $this->_datetime = new DateTime();
    }

    public function getNewId($forcedincrement = null)
    {
        if (is_null($forcedincrement)) {
            $this->_increment++;
            if ($this->_increment > 0xffffff) {
                $this->_increment = 0;
            }
        } else {
            $this->_increment = $forcedincrement;
        }
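        // Read the clock on every call: the DateTime cached in the constructor
        // keeps its construction time, so it would stamp every ID identically.
        $timestamp = time();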

        $timestamp_final = str_pad(dechex($timestamp), 8, "0", STR_PAD_LEFT);
        $increment_final = str_pad(dechex($this->_increment), 6, "0", STR_PAD_LEFT);
        return $timestamp_final . $this->_machine . $this->_pid . $increment_final;
    }

}

https://github.com/piacentini/ObjectId.php

+1

Have you studied using UUID?

A quick google search gives good resources / links.

0
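An added example (not part of any answer here and not code from the original page): one way to produce the kind of UUID suggested above, drawing a version 4 UUID from PHP 7+'s random_bytes() and storing it as 16 raw bytes beside the existing auto-increment key. The function names, the users table and its public_id and email columns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Assumed schema (hypothetical table and column names):
//   users(id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
//         public_id BINARY(16) NOT NULL UNIQUE, email VARCHAR(255) NOT NULL)
// The AUTO_INCREMENT key stays internal; only public_id is shown to users.

/** Format 16 raw bytes as canonical 8-4-4-4-12 hex. */
function formatUuid(string $bin): string
{
    if (strlen($bin) !== 16) {
        throw new InvalidArgumentException('expected 16 bytes');
    }
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bin), 4));
}

/** New RFC 4122 version 4 UUID; all 122 random bits come from the OS CSPRNG. */
function newPublicId(): string
{
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // version nibble = 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // variant bits = 10
    return formatUuid($b);
}

/** Validate a client-supplied ID and convert it to the 16-byte column value. */
function publicIdToBinary(string $uuid): string
{
    $re = '/\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/i';
    if (preg_match($re, $uuid) !== 1) {
        throw new InvalidArgumentException('not a version 4 UUID');
    }
    return hex2bin(str_replace('-', '', $uuid));
}

/** Insert a user; the UNIQUE key turns the (negligible) collision into an error. */
function insertUser(PDO $db, string $email): string
{
    $id = newPublicId();
    $stmt = $db->prepare('INSERT INTO users (public_id, email) VALUES (?, ?)');
    $stmt->bindValue(1, publicIdToBinary($id), PDO::PARAM_LOB);
    $stmt->bindValue(2, $email, PDO::PARAM_STR);
    $stmt->execute();
    return $id;
}

// Round trip without a database: text -> BINARY(16) value -> text.
$id = newPublicId();
var_dump($id === formatUuid(publicIdToBinary($id)));
```

Because the ID is drawn at random rather than derived from the salt, primary key or timestamp, it never has to be regenerated when the user's e-mail address or other attributes change.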

Personally, I use md5(uniqid(mt_rand(), true)), which will create a 32-character identifier (128-bit hexadecimal number), which is extremely difficult to predict.

0