Depends on what benefit of "seemingly random" you're looking for.
True. Schemas similar to this are often used to prevent people from guessing IDs for all sorts of purposes.
Eg. Genomic BLAST servers and similar that perform long running processing as a service, will often generate a random url at which the results will be made available once they are ready. It is obviously important that no two current results sets are allocated the same number.
To prevent the possibility of industrial or academic espionage; by (for example) someone running a small job at a server known to be used by their target, and then systematically probing the next few hundred or thousand ids looking to find what their targets are working on; the site will generate a url containing a number picked at random from a very large set. This makes the practice of probing urls very inefficient. If the number set is large enough, and the generated urls go away once the results have been downloaded or after some preset time period, the possibility of anyone guessing a url can be made vanishingly small.
However, many of the schemas based around LCGs have been shown to be easily and quickly cracked.
A better scheme is to allocate 512MB of space -- a disk file or binary blob -- and use the 4 billion bits to record IDs used. To pick a number, generate a random offset into the blob and then scan forward until you find an unset bit, set it and use the number it represents. To further disguise the value, embed the 10 decimal or 8 hex digits at some known offset within a larger field of randomly chosen digits.
This is a low-cost, highly reliable method that due to the total absence of any pattern, is almost as good as a one-time pad as far as security is concerned.
In reply to Re^4: Check randomly generated numbers have not been used before
by BrowserUk
in thread Check randomly generated numbers have not been used before
by R3search3R
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |