Journal Chacham's Journal: Question: Email links, encryption, and radom. 33
On a permission-based list, the URLs have tracking numbers. The question is, what to use?
Generating a random number for each email is quick and easy, but guaranteeing uniqueness is not as quick. It gets increasingly longer as the space is used, and adding more digits can hurt URL length.
Since every email sent is recorded, each already has a unique number. The problem is predictability.
Two solutions were provided. One, encrypting of the unique number. Second, using the unique number and a non-verified random number.
Encryption is kind of kewl. But decryption takes time (especially when many links are hit at the same time) and hard as it is, there is a single point of failure, for any links that use the same encryption key. The neat upside is, length is lower, and nothing more needs to be stored.
The unique number seems odd. It gives a counter in the table, it adds what needs to be stored, and takes time generating the number.
What do you think?
Hashing (Score:3, Informative)
Re:Hashing (Score:2)
These examples assume you have a db or other storage medium you are storing the countervariable in, matched against the recipient.
in python:
import md5
def onewayid(countervariable):
mymd5 = md5.new(str(countervariable) + 'this is your secret string
Re:Hashing (Score:2)
Re:Hashing (Score:2)
When the user on the other end doesn't even know the length of the plaintext, even knowing what id was included with the plaintext is useless. It is _very_ hard to decompose a md5, as-in very computationaly intensive. In some ways, due to the unknown plaintext length issue, its harder than (small key, 128) rsa encryption.
If you've read about issues with md5 hashes and, say, APOP authentication, then let me address that: APOP sends the prefix in
Re:Hashing (Score:2)
If you are still worried, then store the hash with the required info to verify it - then you can use a new suffix/prefix each time. Adding the current timestamp to your plaintext should be fine - a unique id, a secret suffix/prefix, and a timestamp (semi-unique).
But, then (storing it), is that
Re:Hashing (Score:2)
Storing a has is more secure than just passing a unique id and a random id - unless your random id is going to have a very significant range, otherwise a md5 is harder to guess.
Re:Hashing (Score:2)
Re:Hashing (Score:2)
Re:Hashing (Score:2)
And, there is an attempt at keeping the amount characters to a minimum, to avoid wrapped links.
Re:Hashing (Score:2)
- Your random number will need to have a large range to be more effective than a md5, more than 16 bytes worth. Thats big.
- finding a random number generator that will provide you with such precision can be done, but it will be slow.
- random number generation and hashing have a lot in common - no random number gen
Re:Hashing (Score:2)
[Also, I just re-read what i wrote. Please accept my confidence as a belief in my positions (and trust in my intuition) not as arrogance.]
Though, a couple immediate points.
the random number generating algorithm will be the single point of failure at that point - just as a md5. Unlike a md5 however, most random number generators have a distinctive signature - in other words, given a sequence of generated numbers, one
Re:Hashing (Score:2)
I had originally thought you would be sending out many mails at the same instant - a newletter or some sort, in which one seed would be used, hence my talk of a sequence from a single initial seed. Using a diff
Re:Hashing (Score:1)
(visual learner here)
--Huck
Re:Hashing (Score:2)
Yes, a newsletter. However, a re-seed is more secure, and negligable timewise, especially since the generator would need to generate a new number anyway.
However, there are only so many algorthms to choose from - and knowning the aprox time the mesage was sent, an attacker could work backwards to try different generators on each millisecond in a 5 seconde period, ra
Re:Hashing (Score:2)
Oracle's random number generator is much better than most OS generators - If I remember corectly, only OpenBSD was significantly better.
The webpage idea was just an example
This sounds like an interesting system you're working on - is this day-job related or pet-project?
Re:Hashing (Score:2)
All the ENTPs i know are very happy people, and a joy to be around.
Oracle's random number generator is much better than most OS generators - If I remember corectly, only OpenBSD was significantly better.
Ah, good. Thanx.
The webpage idea was just an example
Yeah, I know. But there it is. Other than a timestamp, retrieving unique data takes a bit of time. Whereas the web data is more random, it takes that much longer to get.
This sounds like an interesting system you're
timestamp through crypt (Score:1)
I was about to explain a system I devised that did something like this but I just realized it is probably still copyrighted by my old boss so I can't tell you about it. A real shame too, I rambled on about it for three paragraphs and now this is all you get for a post. Sorry.
Re:timestamp through crypt (Score:2)
Why can't anyone else do the same thing? Besides, with many emails being sent every second, there would be some possibly duplication.
A real shame too, I rambled on about it for three paragraphs and now this is all you get for a post. Sorry.
Heh. I also had a much larger post first. Got two paragraphs described in detail, and then realized that they probabl
Re:timestamp through crypt (Score:2)
Ah, I missed that point. So I guess I should ask: What exactly is the purpose of the scheme? Is it to prevent users from getting at things they are not supposed to? (use a login system) Is it to keep them from asking for data outside it's approved of time-frame? (login with a timer?) What exactly is it you really need to do and why? Why can't you use a login? Why can't yo
Re:timestamp through crypt (Score:2)
Re:timestamp through crypt (Score:2)
Yeah, so? They can't use a browser?
Re:timestamp through crypt (Score:2)
Re:timestamp through crypt (Score:2)
Re:timestamp through crypt (Score:2)
Also, if more than one email are essentially the same, the only thing different per user would be minimal.
Finally, different people do have the same name.
Re:timestamp through crypt (Score:2)
You don't have a problem unless there are two people with the same name and the same e-mail address. If that happens I'd say that those people have a really big problem. I'd even say that it wasn't your
Re:timestamp through crypt (Score:2)
One issue is, though, that the to address does not alway come back. For example, if the to address is a forwarder, and the actual address bounced it, the to address in the bounce will beincorrect.
You don't have a problem unless there are two people with the same name and the same e-mail address. If that happens I'd say that those people have a really big problem. I'd even say that it wasn't your problem to worry about.
Agreed.
Re:timestamp through crypt (Score:2)
So if you can id your e-mails by this scheme, you can validate the bounce as an authentic bounce and use the checksum embedded in the e-mail as an identifier... message the original e-mail telling them they're getting removed... and remove the e-mail addy associated with the identifier.
If you want to hire me
Re:timestamp through crypt (Score:2)
Why is that better than a random id?
you can validate the bounce as an authentic bounce and use the checksum embedded in the e-mail as an identifier
Actually, that scheme won't work. Some bounces won't even return the text.
Anyway, that isn't the issue. They have bounces taken care of pretty well. It was just an example of why checksumming the email address won't work.
If you want to hire me as a consultant I used to hire out at $89 an hour... I'd probably go
Re:timestamp through crypt (Score:2)
Huh? Did I say it was better than a random id? I'm suggesting how you get your random id... at least that's what I thought I was suggesting last week.
If you do a crypt on something you can challenge on that something and find out if they know it without having to know or reveal the secret. So you could do the crypt, checksum, md5 or what ever on some secret and then check the thing that comes back to see if they are the same.
There are three forms of security: Cha
Re:timestamp through crypt (Score:2)
Re:timestamp through crypt (Score:2)
I've gone back and re-read my posts and some of the others in this JE. Really, a "random" number is fine for the id of the link in a non-guessable way. How you generate that random number is very important since you want it to be really random and really unique. There is
Re:timestamp through crypt (Score:2)
Thanx for your input. Seriously. I appreciate it.
Re:timestamp through crypt (Score:2)