-1

I am developing software for a factory to track operators' work. The system generates coupons with a unique serial number (TaskId) for each task. Users scan a QR code or manually input the serial number (which is displayed in Base 26) into an Android app after completing a task.

To prevent exploitation where users insert neighboring IDs to access more coupons, I implemented a solution using C# Random function to append a two-character check at the end using the serial number as its seed. However, I discovered that the Random function may not generate the same number with the same seed across different .NET versions.

I am exploring alternatives to the Random function, considering CRC checks but concerned about generating neighboring values for neighboring seeds. I want a simple solution, as users may need to manually type the serial number.

What would be a better way to replace the Random function in this context, considering the simplicity of generated characters and ease of manual input?

The solution should be easy enough for computer to calculate, yet troublesome enough for mere humanbeing to guess (of course they can still brute force it, but each coupon only worth few cents).

Thanks in advance!

Improve this question
3
  • A Mersenne Twister is used in some OTP (One Time Password) methods for designated seeds to generate pseudo random numbers. Each day you could use a deferent set seed, Commented Jan 6, 2024 at 7:09
  • 1
    Wouldn't it be better to store the issued taskids somewhere and then check whether a specific ticket has indeed been issued? That way, the number could be truly random. Commented Jan 6, 2024 at 8:08
  • @PMF the TaskId is a serial number. It will never duplicate. Just the two characters check after the serial number must be at least appear random for human being, so they can't guess it from the serial number at front. It is okay for this two characters check to duplicate among other serial number Commented Jan 6, 2024 at 8:43

1 Answer 1

Reset to default
3

If I understand correctly, you have sequential TaskIds (say 101) and you want to avoid someone just using "102" by adding extra random characters at the end (say 101G6 and 102FZ) and thus preventing them from knowing what the next valid TaskId is.

You can do this using a hash. A hash takes in "something" and outputs "something else" that looks completely random. It's deterministic, so it will always be the same even across different platforms/languages. It's used to protect passwords.

You could use for example the first two characters of the hash. You can also use a secret "salt" if you're afraid that your users might know that you hash.

Sample: Hash string in c#

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yes you understand correctly, but I use base 26 character (A =0, B=1, C=2,.. Z=25). So there will be something like AAA, AAB,AAC and so on.(only alphabet). With the appended check, it will be like AAAGZ, AABFU, AACKU and so on.. I consider using Hash, but not sure if Hash will generate all possible values for my check from AA until ZZ so that any user who want to brute force will require more effort (at max 626 tries to get correctly)
A hash will generate random letters and numbers. There is no guarantee that every single combination will be hit (same as random number). If you don't want the numbers, you can easily manipulate the hash to convert it to a letter. A hash seems to fit your use case perfectly.
@FitriHalim: This seems like a low-security application. If that is the case, then taking the low 32-bits of any decent hash, even non-cryptographic hashes, and reducing it mod 26^2 will give you two base26 characters you can use as a checksum. If you are worried about someone reverse engineering your app and figuring out how you compute the checksum, then you need to state that in your question.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.