New Response

« Return to the blog entry

You are replying to:

  1. My calculator gets 377,801,998,336 for 28**8.

    How many of these are you going to give out? If you give out a million or them, then (even with my higher number) on average it will take only 377,802 guesses to crack one. That's not very many guesses if it is done with some computer assistance.

    And there's something possibly more important than that. You probably don't want to re-use these codes, but 28*8 is only on the order of 2**26 values, so if you just generate ~8000 random codes (2**13, actually) there will be a 50% chance that you have re-used at least one. (Lookup 'birthday paradox' on wikipedia for the details.)

    I would go with a longer code, and I would not make it random. I would create codes by applying a hash to a set of unique strings. This has the advantage, too, of allowing you to have customer-specific codes that can't be shared (because the hash input strings contain customer names or account numbers), or having codes that are specific to particular partner web site (by having the partner name or number in the hash input strings), or codes that are sharable and generic, all with the same format and generation mechanism.

Your Comments