Reputation: 2786
How difficult/easy is it to decode a custom base 62 encoding?
Here's what I am going to do to obfuscate database id's in permalinks:
1) XOR the id with a lengthy secret key
2) Scramble (rotate, flip, reverse) bits around a little in the XOR'ed integer in a reversible way
3) Base 62 encode the resulting integer with my own secret scrambled up sequence of all alphanumeric characters (A-Za-z0-9)
How difficult would it be to convert my Base 62 encoding back to base 10?
Also How difficult is it to reverse engineer the whole process? (obviously without taking a peak at source or compiled code) I know 'only XOR' is pretty susceptible to basic analysis.
EDIT: the result should be not more than 8-9 chars long, 3DES and AES seem to produce very long encrypted texts and can't be practically used in URLs
Resulting strings look something like:
In [2]: for i in range(1, 11):
print code(i)
...:
9fYgiSHq
MdKx0tZu
vjd0Dipm
6dDakK9x
Ph7DYBzp
sfRUFaRt
jkmg0hl
dBbX9nHk4
ifqBZwLW
WdaQE630
As you can see 1 looks nothing like 2 so this seems to works great for obfuscation of id's.
Upvotes: 1
Views: 1981
Answers (2)
Reputation: 15693
The standard advice for anyone trying to develop their own cryptography is, "Don't". The advanced advice is to read Bruce Schneier's Memo to the Amateur Cipher Designer and then don't.
You are not the first person to need to obfuscate IDs, so there are already methods available. @CodesInChaos suggested a good method above; you should try that first to see if it meets your needs.
Upvotes: 2
Reputation: 30912
If the attacker is allowed to play around with the input, it will be trivial for a skilled attacker to "decrypt" the data. A crucial property of modern crypto systems is the "Avalanche effect" which your system lacks. Basically it means that every bit of the output is connected with every bit of the input.
If an attacker of your system is allowed to see that, for example, id = 1000 produces the output "AAAAAA" and id=1001 produces "ABAAA" and id=1002 produces "ACAAA" the algorithm can be easily reversed, and the value of the key obtained.
That said, this question is a better fit for https://security.stackexchange.com/ or https://crypto.stackexchange.com/
Upvotes: 2
Related Questions
- Are there multiple Base62 Encoding Algorithm?
- Decode and encode in Base45 in Java
- Encoding to base64
- Base 64 encoding and Decoding
- Compressing a Base 62(0-9a-zA-Z) encoded string
- Base64 Encoding and Decoding
- Base 64 encoding in C#
- How to decrypt a base 64 encoded value
- How to do an Encode/Decode function in Base62 with no obvious pattern in the Results?
- How efficient is the encoding/decoding algorithm of BASE64 class in Java?