Create a set of "coupon codes" based on an algorithm, with no need to store the codes

I have a situation where we print runs of “discount cards”, where a unique code is printed on the card that a user can redeem in an online store for a discount.

We create so many of these cards, and in fact few people use them, so I would like to use some kind of formula to determine whether a code is valid, rather than storing each individual code in the database. We create about 5,000 of these codes at a time, probably about 5 times a year.

Ideally, I would like to have something like:

$coupons->generate(5000, 'unique_salt', 'prefix_'); 

To generate 5,000 "random" codes, such as:

 prefix-23-3424-4324-3344 or prefix-4H-34RE-22K3-PE3W 

unique_salt and prefix_ will be stored in the database. A code can then be checked by using prefix_ to look up the salt and determine whether the code is valid or not.

I have had a look at doing this by using a number as the salt, finding numbers divisible by the salt, and then reordering the digits so that they seem random. With sufficiently long codes, it would take some work to figure out the pattern. But I would like to think that there is a better way ... because there are only so many numbers that give a large number of codes that are divisible by the salt.

(For example, a salt of 2 will give 5000 codes from 1 to 10000 (and the pattern will be easy to see) ... but a salt of 14000 will give zero codes from 1 to 10000.)

Another advantage of this is that I can generate coupons as needed (for example, when we give individuals a discount on a one-by-one basis) and be able to track which coupons are used, when, etc. based on prefix_ ... and potentially see how/when cards are passed along, and which gives the best result.

Am I just spinning my wheels when I should just store each code in a database? (Or just having fun?) :)

+7
3 answers

You can do this using an HMAC and an appropriate encoding scheme. First create a secret key for the HMAC and make sure that you keep it private. To create each token, follow these steps:

  • Create a serial number, randomly or sequentially - all that matters is that it is unique.
  • Compute the HMAC (I suggest HMAC-SHA1) of the serial number with the secret key. This will give you a hash value (160 bits in the case of HMAC-SHA1).
  • Combine the serial number with part of the hash value. This is your coupon code. The number of bits of the hash value used determines how difficult it is to create a correct code using brute force - using n bits means that an attacker will have to try (on average) 2^(n-1) codes to find a real one. Which bits you use from the hash does not matter.

To check the code:

  • Make sure that the serial number is not yet listed in your database as previously used.
  • Calculate the HMAC for the serial number as described above.
  • Compare the corresponding HMAC bits with the rest of the code.
  • Add the serial number to your database to register it.
+2
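The scheme from the answer above as a runnable sketch. This is an added example, not code from the answer: the function names, the base32 encoding, the 40-bit serial and 40-bit tag sizes, the per-prefix key table and the in-memory `used` set (standing in for a database table of redeemed serials) are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SERIAL_BYTES = 5   # 40-bit serial number
TAG_BYTES = 5      # 40 bits of the HMAC kept; 80 bits total = 16 base32 chars

def _tag(key: bytes, serial: int) -> bytes:
    """First TAG_BYTES of HMAC-SHA1(key, serial)."""
    msg = serial.to_bytes(SERIAL_BYTES, "big")
    return hmac.new(key, msg, hashlib.sha1).digest()[:TAG_BYTES]

def make_code(key: bytes, prefix: str, serial: int) -> str:
    raw = serial.to_bytes(SERIAL_BYTES, "big") + _tag(key, serial)
    body = base64.b32encode(raw).decode()        # exactly 16 chars, no padding
    return prefix + "-" + "-".join(body[i:i + 4] for i in range(0, 16, 4))

def generate(key: bytes, prefix: str, count: int, start: int = 0) -> list:
    """Sequential serials: unique by construction, nothing stored per code."""
    return [make_code(key, prefix, s) for s in range(start, start + count)]

def redeem(code: str, batch_keys: dict, used: set):
    """Return the serial if the code is genuine and unused, else None."""
    prefix, _, body = code.strip().partition("-")
    key = batch_keys.get(prefix)                 # prefix selects the batch key
    if key is None:
        return None
    try:
        raw = base64.b32decode(body.replace("-", "").upper())
    except ValueError:                           # bad characters or bad length
        return None
    if len(raw) != SERIAL_BYTES + TAG_BYTES:
        return None
    serial = int.from_bytes(raw[:SERIAL_BYTES], "big")
    if (prefix, serial) in used:                 # already redeemed
        return None
    # Constant-time comparison of the truncated HMAC against the code's tag.
    if not hmac.compare_digest(raw[SERIAL_BYTES:], _tag(key, serial)):
        return None
    used.add((prefix, serial))                   # only redeemed codes are stored
    return serial

# Constructed demo values, not from the original post.
DEMO_KEYS = {"SPRING": b"constructed-demo-key-keep-real-ones-secret"}

if __name__ == "__main__":
    batch = generate(DEMO_KEYS["SPRING"], "SPRING", 5)
    print(batch, redeem(batch[3], DEMO_KEYS, set()))
```

Storage is one key per batch plus one row per redeemed serial; the 5,000 printed codes themselves are never stored.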

The standard technique is to use a one-way hash of the salt and a number to create a large random number. Then use this hash to generate your cryptic code. There are many standard one-way hashes that you can use. MD5 is a common one.

To make your life easier, I would embed the number in the code in some way. For example, prefix-2_-3___-4___-3___ would be code 2343, and then you fill in the blanks using the data from the MD5 of "salt prefix number". It can be as simple as saying that you have an alphabet of numbers and characters that you are willing to use, with n things in it. Take the MD5 mod n to select your first character. Divide the MD5 by n. Then repeat until you have your characters. To check a code, take the prefix, find the salt, extract the number, calculate the MD5 and follow the same procedure to generate the other characters that should be in the code.

+1
