
I would like to scramble a string containing a user's UID, so this cannot be tracked using the database. I would also like that this should be a consistent pattern, so no random shuffling of letters - If the user changes the device, the result coming out from this function should still be the same.

Yet, I wouldn't want to add CryptoSwift just for this.

This is only to make readability harder, but also to make sure that the same user posts to the same place in the database basically. So there will be no security issues connected to this. It will only be used to anonymize some data.

A UID could look like this "0bb0fca0-1e89-429f-901a-1413894d9f59"

How can I achieve this in the best way?

I'm thinking something like adding prime numbers or having some kind of "black box" for just sending a string to the function and getting another string back. Size of the string or how it should be done doesn't really matter

Giovanni Palusa
  • Thanks, edited the tags =) – Giovanni Palusa Apr 25 '18 at 09:33
  • 2
    Note also that you can compute SHA hashes on iOS with the “built-in” CommonCrypto library, there is no need to import 3rd party frameworks for that purpose. (See for example https://stackoverflow.com/q/25388747/1187415) – Martin R Apr 25 '18 at 09:37
  • 1
    But is the solution for this really that I need to use libraries like CommonCrypto just to scramble a string? Feels unnecessary since there is no need for security, just to send another string than the one the device handles. – Giovanni Palusa Apr 25 '18 at 09:41
  • That depends on how you define “scramble” – which you didn't yet. Do you want some well-known safe algorithm? Or invent your own? Or do you want *us* to invent an algorithm for you? – First clearly state what you want, then we can think about how to implement it in Swift. – Martin R Apr 25 '18 at 09:43
  • Well known safe algorithm would be nice - I'm thinking something like adding prime numbers or having some kind of "black box" for just sending a string to the function and getting another string back. Size of the string or how it should be done doesn't really matter. – Giovanni Palusa Apr 25 '18 at 09:47
  • 2
    Hashes *are* the well-known safe algorithm for this purpose. Btw, “there is no need for security” and “so this cannot be tracked” are contradictions. What *exactly* are the requirements for your “scrambling”? – Martin R Apr 25 '18 at 09:53

1 Answer

I found a good solution to this. There was a guy who made a single file MD5-converter without any third party libraries named MD5 Digest.

Then this library can be used like this:

```swift
let input = "0bb0fca0-1e89-429f-901a-1413894d9f59"
let md5 = input.utf8.md5
print(md5)
```

This gives the result:

```
4a89b58cb43b3eecd289c1d093b48bd0
```

This is exactly what I wanted, something that can be re-created, but still makes a result based on the string I sent in that the user can't connect to the string being sent in.

Giovanni Palusa
  • 1
    For the kind of purpose you're describing, MD5 is absolutely fine. But…the tool you should use here is SHA-256. MD5 has significant security flaws. Those likely do not matter for this use, but as a matter of what we often call "crypto hygiene," you should avoid using it. When you add MD5 to a new project, you raise the likelihood that it will be used for purposes where it's a real problem. (You will also have to deal with explaining repeatedly to security people why "it's ok in this case." :D) See https://github.com/CrypTools/HashFunctions/blob/master/SHA256/swift/hash.swift for a Swift impl. – Rob Napier Apr 25 '18 at 13:27
  • I still don't get why you prefer some 3rd party source (which apparently has issues on 32-bit platforms) over a well-vetted library that already comes with iOS/macOS. – Martin R Apr 26 '18 at 07:50
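
The built-in route raised in the comments (CommonCrypto, SHA-256), as an added example that is not part of the original thread or of any library linked from it. It goes one step beyond the thread by also showing a keyed variant (HMAC-SHA256), because an unkeyed hash of a UID can be recomputed by anyone who already has that UID. The function names and the placeholder key are assumptions made for this example.

```swift
import Foundation
import CommonCrypto  // ships with iOS/macOS; importable directly from Swift 4.2 (Xcode 10)

/// Lowercase hex encoding of a digest.
func hexString(_ bytes: [UInt8]) -> String {
    return bytes.map { String(format: "%02x", $0) }.joined()
}

/// Unkeyed SHA-256: same UID in, same 64-character string out, on any device.
func sha256Hex(_ input: String) -> String {
    let message = Data(input.utf8)
    var digest = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
    message.withUnsafeBytes { buf in
        _ = CC_SHA256(buf.baseAddress, CC_LONG(message.count), &digest)
    }
    return hexString(digest)
}

/// Keyed variant (HMAC-SHA256): still deterministic, but someone who knows a
/// UID cannot recompute its database key without `key`.
func hmacSha256Hex(_ input: String, key: Data) -> String {
    let message = Data(input.utf8)
    var mac = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
    key.withUnsafeBytes { keyBuf in
        message.withUnsafeBytes { msgBuf in
            CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256),
                   keyBuf.baseAddress, key.count,
                   msgBuf.baseAddress, message.count, &mac)
        }
    }
    return hexString(mac)
}

let uid = "0bb0fca0-1e89-429f-901a-1413894d9f59"  // sample UID from the question
// Placeholder key, constructed for this example; a real one is a random secret
// that is stored separately from the database it protects.
let appKey = Data("REPLACE-WITH-RANDOM-SECRET".utf8)

print(sha256Hex(uid))               // stable pseudonym, recomputable by anyone with the UID
print(hmacSha256Hex(uid, key: appKey))  // stable pseudonym, recomputable only with the key
```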