pistou

Reputation: 2867

Security Code generation's algorithm

Alright, here's the story:

I'm getting married soon, and I'd like to create a website (or an app). Obviously, I'd like only guests to be able to access it.

So I was thinking about a system where it would require a security code to sign up. The problem is that I do not trust anyone not to be silent about the code, so I was thinking about giving a different code for every couple (or family) of invited people.

On the sign up form, I would then verify that the entered code has not already been used.

But since I don't know who will sign up to the app, and I don't really have time to manually register each guest, I won't have a database recording which code has been provided to whom.

So, I need an algorithm to generate a random security code, and the reverse one, to check if a given string is a valid security code.

I need the algorithm to be complex enough so people could not guess what's the magic behind the code they received. (I know, it feels pretty paranoid.)

The generated Security Code should be pretty simple, like 6 to 8 characters (mix of digits, upper and lower case letters).

The main issue is that I have no clue how to build a reliable system to generate and validate security codes.

I feel like I should have a secret key stored on the server side, that would be necessary to generate a code, and I would have to find it back if a given string is a valid code.

Let's say secret is my private key.

The generation algorithm would be something like secret + whatever = generated code (where the + whatever operation remains to define).

But then how could I check a given string? string - whatever =? secret would be the solution (where - whatever is the reverse operation of + whatever).

Well, I actually have no clue of what whatever could (or should) be.

Do you have any advice or guidance?

For the technical part, I will probably code this in JS (with a NodeJS server). But as I'm talking about the concept of security code generation, any pseudo-code will do the job.

Upvotes: 1

Views: 184

Answers (1)

Tyler Durden

Reputation: 11532

Generate a hash of the person's email address (capitalized) and make the code the first n characters. So, for example, if your email address is [email protected] then the SHA-256 hash would be: 038122aedbf777b8c7c3aaed14ae7c08249a9d47f82f4455a0d667cacc57d383 so your code would be "038122". Generate a list of codes for each person/family. If someone has no email address use the telephone number. If they do not have a telephone, use their address.

Upvotes: 1
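
A keyed variant of the scheme discussed in the question and answer above, as an added example that is not code from either poster: each code is a two-character invitation number followed by six characters of an HMAC-SHA256 tag computed with a server-side secret, so the server can validate a code without a list of issued codes. The names `generateCode` and `redeem`, the `invite:` prefix and the secret value are assumptions made for this example.

```javascript
// Added example (not from the thread): database-free validation of invite codes.
const crypto = require("node:crypto");

const ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
const ID_LEN = 2;  // invitation number: 62^2 = 3844 possible invitations
const TAG_LEN = 6; // keyed check characters: 62^6 possible tags per invitation

// Encode a non-negative BigInt as a fixed-width base62 string.
function toBase62(n, width) {
  let out = "";
  for (let i = 0; i < width; i++) {
    out = ALPHABET[Number(n % 62n)] + out;
    n /= 62n;
  }
  return out;
}

// Truncated HMAC-SHA256 over the invitation id, keyed with the server secret.
function tagFor(secret, id) {
  const mac = crypto.createHmac("sha256", secret).update("invite:" + id).digest();
  const n = BigInt("0x" + mac.subarray(0, 8).toString("hex"));
  return toBase62(n % (62n ** BigInt(TAG_LEN)), TAG_LEN);
}

// Run once per couple or family to produce the code written on the invitation.
function generateCode(secret, index) {
  if (!Number.isInteger(index) || index < 0 || index >= 62 ** ID_LEN) {
    throw new RangeError("index out of range");
  }
  const id = toBase62(BigInt(index), ID_LEN);
  return id + tagFor(secret, id);
}

const used = new Set(); // redeemed ids; in-memory here, persist it in a real app

// Sign-up check: returns "ok", "already-used" or "invalid".
function redeem(secret, code) {
  if (typeof code !== "string" || !/^[0-9A-Za-z]{8}$/.test(code)) return "invalid";
  const id = code.slice(0, ID_LEN);
  const expected = Buffer.from(tagFor(secret, id));
  const given = Buffer.from(code.slice(ID_LEN));
  if (!crypto.timingSafeEqual(expected, given)) return "invalid"; // constant-time compare
  if (used.has(id)) return "already-used";
  used.add(id);
  return "ok";
}
```

Six check characters can still be guessed by repeated online attempts, so the sign-up endpoint needs attempt limiting. The set of redeemed ids is the only state the server has to keep.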
