Re^2: Check randomly generated numbers have not been used before

Whilst the coprimality of parameters ensure uniqueness whilst saving you from have to track previous picks; the method has a weakness: if an attacker can cause you to give him two consecutive picks -- say, by inspecting the latest additions to the parts inventory -- he can determine S, and from that start guessing your new part numbers.

He doesn't even have to find to consecutive picks; only two that where allocated close to each other. If the difference between them is prime, he's probably found S; if not, he only need find the prime factors of that difference to find it.

With a little more inspection and analysis, he will be able to determine your offset; and at that point, the benefits of allocating "seemingly random" part numbers is defeated.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority". I knew I was on the right track :)

In the absence of evidence, opinion is indistinguishable from prejudice.

Comment on Re^2: Check randomly generated numbers have not been used before

Replies are listed 'Best First'.
Re^3: Check randomly generated numbers have not been used before by GotToBTru (Prior) on Sep 16, 2016 at 20:13 UTC
Depends on what benefit of "seemingly random" you're looking for. Remember, these are part numbers, used in an inventory system, not part of any cryptographic system. They would function as database keys, so they had to be unique. It was desired that the numbers not be sequential, and that they would span the space. Probably to prevent anyone programming forms or reports from making assumptions about how many digits to allow for part numbers that would cause trouble at a later time. That was my guess at the time. I put this together in 1993. My algorithm could still be in use to this day. But God demonstrates His own love toward us, in that while we were yet sinners, Christ died for us. Romans 5:8 (NASB)	[reply]
Re^4: Check randomly generated numbers have not been used before by BrowserUk (Patriarch) on Sep 16, 2016 at 20:48 UTC
Depends on what benefit of "seemingly random" you're looking for. True. Schemas similar to this are often used to prevent people from guessing IDs for all sorts of purposes. Eg. Genomic BLAST servers and similar that perform long running processing as a service, will often generate a random url at which the results will be made available once they are ready. It is obviously important that no two current results sets are allocated the same number. To prevent the possibility of industrial or academic espionage; by (for example) someone running a small job at a server known to be used by their target, and then systematically probing the next few hundred or thousand ids looking to find what their targets are working on; the site will generate a url containing a number picked at random from a very large set. This makes the practice of probing urls very inefficient. If the number set is large enough, and the generated urls go away once the results have been downloaded or after some preset time period, the possibility of anyone guessing a url can be made vanishingly small. However, many of the schemas based around LCGs have been shown to be easily and quickly cracked. A better scheme is to allocate 512MB of space -- a disk file or binary blob -- and use the 4 billion bits to record IDs used. To pick a number, generate a random offset into the blob and then scan forward until you find an unset bit, set it and use the number it represents. To further disguise the value, embed the 10 decimal or 8 hex digits at some known offset within a larger field of randomly chosen digits. This is a low-cost, highly reliable method that due to the total absence of any pattern, is almost as good as a one-time pad as far as security is concerned. With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :) In the absence of evidence, opinion is indistinguishable from prejudice.	[reply]