Unique Identifiers that are User-Friendly and Hard to Guess

Question

My team is working on an application with a legacy database that uses two different values as unique identifiers for a Group object: Id is an auto-incrementing Identity column whose value is determined by the database upon insertion. GroupCode is determined by the application after insertion, and is "Group" + theGroup.Id.

What we need is an algorithm to generate GroupCode's that:

Are unique.
Are reasonably easy for a user to type in correctly.
Are difficult for a hacker to guess.
Are either created by the database upon insertion, or are created by the app before the insertion (i.e. not dependent on the identity column).

The existing solution meets the first two criteria, but not the last two. Does anyone know of a good solution to meet all of the above criteria?

One more note: Even though this code is used externally by users, and even though Id would make a better identifier for other tables to link their foreign keys to, the GroupCode is used by other tables to refer to a specific Group.

Thanks in advance.

Jonas Elfström Jonas Elfström · Accepted Answer · 2009-09-14T20:32:52

Would it be possible to add a new column? It could consist of the Identity and a random 32-bit number.

That 64 bit number could then be translated to a «Memorable Random String». It wouldn't be perfect security wise but could be good enough.

Here's an example using Ruby and the Koremutake gem.

require 'koremu'
# http://pastie.org/96316 adds Array.chunk
identity=104711
r=rand(2**32)<<32 # in this example 5946631977955229696
ka = KoremuFixnum.new(r+identity).to_ka.chunk(3)
ka.each {|arr| print KoremuArray.new(arr).to_ks + " "}

Result:

TUSADA REGRUMI LEBADE

Also check out Phonetically Memorable Password Generation Algorithms.

Unique Identifiers that are User-Friendly and Hard to Guess

2 Answers