What is the best way to generate unique activation keys that look like xxxx-xxxx-xxxx-xxxx where x is a hexadecimal number, so for example 53e1-fbaf-4230-6c7a? I thought I could use mile md5 but it produces a longer value and then I have to trim it down, which feels like it increases the risk of similar values.
lundberg: are you keeping these keys in some place like a database? If so, add a unique key on the column and this will prevent any repeating values being generated. If that is your main concern, as I read in your post, then this solution provides you with 100% uniqueness.
How many of these keys are you going to generate? 1000? 10 thousand? A million? Or maybe a billion? If it's not too many, then I don't think there is a need to search for some really advanced solution, str_shuffle works fine.
It is truly difficult for computers to generate true randomness. The less of a pattern that can be discerned, the more entropy it contains.
Computer cryptography experts have become well versed with increasing the entropy of their encryptions. Steve Gibson for example has, in conjunction with feedback from the cryptography community, created a way to generate ultra-high security passwords that uses:
Rijndael (AES) block encryption of never-repeating counter values in CBC mode
Despite the quote, the page makes for a very good read.
Here is the script from PHP 5 in Practice for generating a unique 40-character identifier:
<?php
// A function to return a unique identifier for the user's browser
function create_unique() {
    // Read the user agent, IP address, current time, and a random number:
    $data = $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] .
            time() . rand();
    // Return this value hashed via sha1
    return sha1($data);
}
// Echo out the hashed data - This will be different every time.
$newhash = create_unique();
echo "<pre>{$newhash}</pre>";
?>
pmw57, very good points indeed, but maybe then add one more layer and use hash_hmac() instead of plain hash?
<?php
// A function to return a unique identifier for the user's browser
function create_unique() {
    // Read the user agent, IP address, current time, and a random number:
    $data = $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] .
            time() . rand();
    $secret_key = 'really secret sequence for this web-applications function only';//change t
    // Return this value HMAC with sha256
    return hash_hmac('sha256', $data, $secret_key);
}
// Echo out the hashed data - This will be different every time.
$newhash = create_unique();
echo "<pre>{$newhash}</pre>";
?>
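
Combining the two suggestions in the thread (a unique column in the database, and more entropy than hashing time() and rand() provides), here is an added example that is not from any poster or from PHP 5 in Practice. It assumes PHP 7+ for random_bytes() and the pdo_sqlite extension; the table name activation_keys and both function names are hypothetical.

```php
<?php
// Added example: assumes PHP 7+ (random_bytes) and the pdo_sqlite extension.
// Table and function names are hypothetical.

// Format 8 random bytes (64 bits) as xxxx-xxxx-xxxx-xxxx in lowercase hex.
function generate_activation_key(): string {
    $hex = bin2hex(random_bytes(8));          // 16 hex characters from the OS CSPRNG
    return implode('-', str_split($hex, 4));  // four groups of four
}

// Insert a fresh key; the UNIQUE constraint is the authority on uniqueness,
// so a collision simply triggers another attempt.
function issue_activation_key(PDO $db, int $maxAttempts = 5): string {
    $stmt = $db->prepare('INSERT INTO activation_keys (code) VALUES (:code)');
    for ($i = 0; $i < $maxAttempts; $i++) {
        $key = generate_activation_key();
        try {
            $stmt->execute([':code' => $key]);
            return $key;
        } catch (PDOException $e) {
            // SQLSTATE 23000 = integrity constraint violation (duplicate key)
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('Could not issue a unique key');
}

// Demo against an in-memory database so the script runs without setup.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activation_keys (code TEXT NOT NULL UNIQUE)');

for ($n = 0; $n < 3; $n++) {
    echo issue_activation_key($db), "\n";
}
```

Because all 16 hex digits come straight from the random source, nothing is trimmed from a longer hash, and the database constraint catches the rare duplicate.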