Page 1 of 2
Generate unique key for input string
Posted: Sun Jul 17, 2011 2:30 pm
by uvray90
Hello guys..
The brief-
Iam stuck at a situation im my D.B project.

I need to make a page which will generate passwords for users to login.Which i can handover the password to the user.And the user will sign in with that password.
The following is the complete description.-
Input ->Enter a range of USN( University Seat Number- An unique roll number for the students). eg.4cb08cs001 to 4cb08cs050 (50 students)
Output->The USN along with a unique four(or five) character key(password) generated using the USN.
Like:
4cb08cs001: xyqwy
4cb08cs002: wertyi
..
..
4cb08cs050: yuyuu
Which wil be given to the respective students with that particular USN. So that while password check occurs during login when the student enters the given USN and password, then the entered USN will be used to generate that same key(password) to check with the entered password for authorization.
Add ons: The username and pass accepted through an html form available only for the admin.(done)
This is my first post here.And hope the description is clear .Please give any code hint to proceed. Anything will be deeply appreciated. If any new php function then please do put a tiny comment on its working, will be very helpful because i just have the basic know hows of php.

Re: Generate unique key for input string
Posted: Sun Jul 17, 2011 2:58 pm
by Jonah Bron
Is this a homework problem? If it is, we can only give you hints. I think you'll find rand() helpful in this.
http://php.net/rand
Re: Generate unique key for input string
Posted: Sun Jul 17, 2011 10:56 pm
by uvray90
Not a homework problem

...Iam developing a site for our college placement department and its online running.But currently its like anyone can register.Need to restrict the users to our college only.By distributing the key to the required users.
I do know about the rand() function. But that is the main problem. I dont need random number. I need a specific key generated with that particular number.Which if generated again with that particular usn will give the same key.
suppose USN:
4cb08cs046
key generated :
rtyew
Stored to DB.Done.
After sometime when we again input the USN
4cb08cs046 it should give back the same key
rtyew
If i use rand then there wont be any relation between the USN and the key generated.

I tried simply adding a particular integer to the usn. But then i cant specify a range because 4cb08cs001 + 1 != 4cb08cs047
Hope you understood.Thank you. Please do give any kind of hint you can give or come to mind.
Re: Generate unique key for input string
Posted: Mon Jul 18, 2011 12:04 am
by McInfo
What you are describing is a
hash, but why should the password be predictable?
"Hash" was of great help.
Posted: Mon Jul 18, 2011 1:58 am
by uvray90
I read it. It just gave a big clue to what i had been looking problem. Thanks alot
Thanks McInfo 
.
The password has to be predictable for the first time login only.Later the user can change their password. The user will enter his USN and the password i gave, then the unique password for that USN will be generated using the function.Which will be tallied with the entered password to authorize the user for the first time entry.
But the trouble when i thought is while listing the USN to be sent to the hashing function. 4cb08cs001 to 4cb08cs050 range
i cant specify a range because
4cb08cs001 + 1 != 4cb08cs047 .Tried but not working.

Do tell if anyone has any hint for that.

Re: Generate unique key for input string
Posted: Mon Jul 18, 2011 2:51 am
by scular
I think your problem will be sort out by using random interger or variable or you have to save your rand value into a variable that will print it
Re: Generate unique key for input string
Posted: Mon Jul 18, 2011 4:15 am
by uvray90
@Sculer
I had tried that. But that wont have any relation with the entered USN. The same key i need to get using the USN. which in case of random integer is not possible. I guess "Hash" idea proposed by McInfo solves it as it will be unique for that particular USN. Planning to take a part of the generated hash from the USN and make it a password. So that i can generate it again to authorize the user during initial login.
But the trouble now is that when listing the USN to be sent to the hashing function. 4cb08cs001 to 4cb08cs050 range

i cant specify a range because
4cb08cs001 + 1 != 4cb08cs002 .Tried but not working.

.I should get all the numbers in between 4cb08cs001 and 4cb08cs050.Do tell if anyone has any hint for that.

Re: Generate unique key for input string
Posted: Mon Jul 18, 2011 12:18 pm
by McInfo
uvray90 wrote:I should get all the numbers in between 4cb08cs001 and 4cb08cs050.Do tell if anyone has any hint for that.
sprintf()
---
I sense that there are some flaws in your security model. It's not clear to me exactly what your security model is, so I can't really describe what those flaws are.
Who can generate the first-use passwords? How are they distributed to the users? What ensures that the person who accesses an account first is the intended user? How easy is it for someone to generate the password on their own if they know the USN? (A salt would greatly reduce the predictability of the hash.)
Passwords should not be stored in plain text. They should be salted and hashed. (This is a hash on top of the hash that created the password.)
Re: "Hash" was of great help.
Posted: Mon Jul 18, 2011 3:04 pm
by Apollo
uvray90 wrote:The password has to be predictable for the first time login only.Later the user can change their password. The user will enter his USN and the password i gave, then the unique password for that USN will be generated using the function.Which will be tallied with the entered password to authorize the user for the first time entry.
Somehow, you're doing something wrong, from a security point of view. Really.
Re: Generate unique key for input string
Posted: Mon Jul 18, 2011 8:02 pm
by beetree
I'd suggest you simply MD5 the USD-string. php.net/MD5
While MD5 isn't unique, it will for sure be unique enough for your application and there are more crucial implementations that consider MD5 to be "unique enough".
Re: Generate unique key for input string
Posted: Tue Jul 19, 2011 12:34 am
by Apollo
beetree wrote:I'd suggest you simply MD5 the USD-string. php.net/MD5
While MD5 isn't unique, it will for sure be unique enough for your application and there are more crucial implementations that consider MD5 to be "unique enough".
By definition, no hash is ever "unique" (there are
always collisions), but that's not the point. There is NO reason why anyone would ever use the old, deprecated MD5, instead of something stronger like sha512 or whirlpool (which are 512 bit).
But I agree, in the above situation, there are probably more crucial points to consider first

Re: Generate unique key for input string
Posted: Tue Jul 19, 2011 4:10 am
by uvray90
Hello guys...
Please clear this thingh for me.
Will md5 give a unique key for some string like 4cb08cs088, which i can generate again later?
Re: Generate unique key for input string
Posted: Tue Jul 19, 2011 4:26 am
by Apollo
uvray90 wrote:Hello guys...
Please clear this thingh for me.
Will md5 give a unique key for some string like 4cb08cs088, which i can generate again later?
Yes, as will any
Hash function.
The idea of hash functions is that given a string X, hash(X) is some checksum which you can never reverse back into the original string X. However if someone enters some string Y, and hash(X) = hash(Y), then you can be "sure" that X = Y. Well, not anymore with md5, but if you use a proper hash function (like the 512-bit ones I mentioned) this is a safe assumption.
This is how you can (and should) validate passwords, without storing any actual passwords.
Re: Generate unique key for input string
Posted: Tue Jul 19, 2011 8:03 am
by uvray90
@mcinfo and apollo: about the security flaw i came to know after reading more after you told.But didnt find any other way by which i can make my site such that only MY college students can register. Now currently its like open registration(annnybody can register).Need to restrict it to only my college students. So i thought that i wil generate( using the Hash mechanism you had told) and distribute the initial passwords individually to them. Any other system implementation possible?
Now one more.
is there any way in PhP to generate a sequence like g1,g2,g3....
or ab1,ab2... like that?? I thought of incrementing the number part and concatenating using string functions.Any other logic??

Re: Generate unique key for input string
Posted: Tue Jul 19, 2011 11:16 am
by beetree
$string_array = array();
for($i = 1; $i < 100; $i++) {
$string_array[] = "ab".$i;
}
There you go.