Tobiah
I am making QR codes that cell phone users scan in order
to make use of an application. Part of the information
is a token that needs to be passed on to the server, but
I'd rather not allow a person examining the QR code to
be able to see that plain bit of information. I'd like
to scramble up the token so that the result:
1) takes up the same (near, or less) number of characters as the
original token.
2) The key can be derived from the input, and vice versa.
3) The result is alphanumeric.
4) When one character changes in the source,
many characters are likely to change in the
result.
So if my token is:
mytoken2011
The result might be something like:
xm23ffz4uuw
Then
mytoken2012
might yield something very different:
d8ru3jdhvhd
I was thinking of just stringing up all letters and
numbers into a 'wheel' and doing an 18 char rotation on
the chars in the token, but that fails #4. The secret is not like
the key to Fort Knox. We would rather not have the plain
token out there, as it's internal business information,
but we don't have to protect the information at all costs.
Just making it really inconvenient to extract is fine.
Thanks,
Tobiah
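One way to meet all four requirements in the post above, as an added example that is not part of the original post: a keyed Feistel network over the 62 alphanumeric characters, in the style of format-preserving encryption but not a standardized mode. The names `scramble`, `unscramble`, `DEMO_KEY` and the 10-round count are assumptions for illustration; the key is assumed to live only on the server, and tokens are assumed to be 2 to a few dozen characters long.

```python
import hashlib
import hmac
import string

ALPHABET = string.digits + string.ascii_letters  # 62 symbols, all alphanumeric
RADIX = len(ALPHABET)
ROUNDS = 10  # even, so both halves end up back in their original positions
DEMO_KEY = b"constructed-demo-key"  # constructed sample; the real key stays server-side

def _to_int(text):
    n = 0
    for ch in text:
        n = n * RADIX + ALPHABET.index(ch)  # ValueError on non-alphanumeric input
    return n

def _to_text(n, length):
    chars = []
    for _ in range(length):
        n, digit = divmod(n, RADIX)
        chars.append(ALPHABET[digit])
    return "".join(reversed(chars))

def _round_value(key, rnd, total_len, half):
    # Keyed round function: HMAC-SHA256 over round number, token length and one half.
    msg = b"%d|%d|%d" % (rnd, total_len, half)
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def scramble(key, token):
    n = len(token)
    if n < 2:
        raise ValueError("token must have at least 2 characters")
    u, v = n // 2, n - n // 2
    a, b = _to_int(token[:u]), _to_int(token[u:])
    for rnd in range(ROUNDS):
        m = u if rnd % 2 == 0 else v  # width of the half being rewritten
        a, b = b, (a + _round_value(key, rnd, n, b)) % RADIX ** m
    return _to_text(a, u) + _to_text(b, v)

def unscramble(key, text):
    n = len(text)
    u, v = n // 2, n - n // 2
    a, b = _to_int(text[:u]), _to_int(text[u:])
    for rnd in reversed(range(ROUNDS)):  # undo the rounds in reverse order
        m = u if rnd % 2 == 0 else v
        a, b = (b - _round_value(key, rnd, n, a)) % RADIX ** m, a
    return _to_text(a, u) + _to_text(b, v)
```

The mapping is deterministic, so the same token always produces the same output, and anyone who obtains the key can reverse it.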