Comment by haileys
1 day ago
This is well understood - Hyrum's law.
You don't need encryption, a global_id database column with a randomly generated ID will do.
1 day ago
This is well understood - Hyrum's law.
You don't need encryption, a global_id database column with a randomly generated ID will do.
You could but you would lose the performance benefits you were seeking by encoding information into the ID. But you could also use a randomized, proprietary base64 alphabet rather than properly encrypting the ID.
XOR encryption is cheap and effective. Make the key the static string "IfYouCanReadThisYourCodeWillBreak" or something akin to that. That way, the key itself will serve as a final warning when (not if) the key gets cracked.
Any symmetric encryption is ~free compared to the cost of a network request or db query.
In this particular instance, Speck would be ideal since it supports a 96-bit block size https://en.wikipedia.org/wiki/Speck_(cipher)
2 replies →
A cryptographer may quibble and call that an encoding but I agree.
2 replies →
Encoding a type name into an ID is never really something I've viewed as being about performance. Think of it more like an area code, it's an essential part of the identifier that tells you how to interpret the rest of it.
That's fair, and you could definitely put a prefix and a UUID (or whatever), I failed to consider that.