Encryption Routine to encrypt an 8-digit field into 16 (or more) characters

Question

I have an 8 digit field that I would like to encrypt (I am not worried about decrypting it) into a 16 character (or more) field. I need this so I can use the encrypted field to send to a reporting agency.

Answer 1

Without knowing too much about the purpose behind this "encryption" here's what I'd suggest (based on some conservative and security-preserving assumptions about what your goals are):

1. Pick a random number. Call it R. The number should preferably be at least 32 bits long.
2. For every 8-digit identifier you have, form the string "<digits of R><8 digit identifier>".
3. Use some cryptographically secure hash algorithm to get the hash of the string formed in step 2.
4. Format the hash from step 3 as a string of hex characters.
5. Use the hex character string from step 4 as the identifier that gets reported to the "reporting agency".

The benefit of this scheme is that as long as you remember the value R you can always map every 8-digit identifier to the same hex character identifier. This may or may not be important in your application.

Of course, this scheme assumes that you never need to perform a revese mapping, and the agency doesn't want to decrypt the identifiers. In other words, it assumes your goal is simply to not give the agency the identifier I but an equivalent identifier I'.

Answer 2

Since you don't need decryption you could hash it (irreversibly) instead of using encryption. In PHP you could do this with hash and the fnv164 hash algorithm, which returns a 16 character hash.

Also, there are several other hash algorithms that will produce greater than 16 characters. You can use hash_algos to see what's available on your system. Here's a script to do that.