encrypt to short string

Question

What encryption scheme returns a short string? I want a small result less than 32 characters. I also want to be able to decrypt it back to the original plaintext. The purpose is email verification, where the code is sent by email. When the code is received the user logs in into the site and enters the code (or clicks on the link).

EDIT: DECRYPTION is important as after verification i need to relate two non related records

Thanks

http://stackoverflow.com/a/1289114/233286 – ilhan Jun 19 '12 at 06:26 — ilhan, Jun 19 '12 at 06:26
Encryption is not the right tool for this problem. – Ja͢ck Jun 19 '12 at 06:29 — Ja͢ck, Jun 19 '12 at 06:29

score 1 · Answer 1 · answered Jun 19 '12 at 06:20

1

Verification systems like that use randomly generated strings (which are stored in a database when the account is created), not encrypted data.

answered Jun 19 '12 at 06:20

Quentin

914,110
126
1,211
1,335

score 0 · Answer 2 · answered Jun 19 '12 at 06:21

Do you need to decrypt it back! You can generate non duplicate random string and assign that code to that user. You then search the code and get the user from the database. You can add additional feature to store the time it was created and expire it in 24 hours

score 0 · Answer 3 · answered Jun 19 '12 at 06:21

0

If you do not need security, a one way hash function will be enough. CRC32 is a good choice. You can send a message and then await for the user to input the same response.

answered Jun 19 '12 at 06:21

Sebastian Oliva

335
3
7

score 0 · Accepted Answer · answered Jun 19 '12 at 11:03

You're talking about encryption but clearly need a hashing function. You can then relate the hash to any data model you want (whatever it is you want to 'encrypt' in this case) in a database. The hash is used like the key of a key-value store and can be completely random. The final size of an encryted string is always directly related to the size of the original string. Otherwise you're probably confusing hashes and encryption.

So a simple use-case:

A user registers into a website.
The registration controller creates a new record into the 'pending_users' table which has only 2 columns: user_id and random_key.
And email is sent to the user containing the value of the random_key which is exposed as a link to verification.php?key=$random_key

When the user executes the verification.php controller, the controller checks for the presence of the $random_key in the pending_users table. If found, it removes the record and changes a flag in the users table (active_account = true for example). If not found an error is sent back to the user.

Hope this helps, Cheers

score 0 · Answer 5 · answered Jun 19 '12 at 11:03

What you are asking for is impossible. It is the holy grail that companies writing programs like pkzip and rar are willing to kill for. Imagine any file (few gigs of data) can be compressed into just 32 bytes. ;)

Anyway, what you are trying to do has been done before. By storing a uuid with the email in the database. The quid will be mailed to the user and they can enter that in your form. Then it is just a simple query of the database to find the corresponding record.

encrypt to short string

5 Answers5