0

Picture that you're typing in a input. For each character you add (including special characters, like @ . # ¤ % & ~ and so on), a unique code will generate based on the content. Not a hash! This unique code will only be 20 characters long.

Example

  • This is just an example becomes H59S7Y54CI6M7S2XX8A9
  • This is another example becomes C77KE95HIAJ7VN582758
  • Hello! I am a example string! becomes Y8BV572SF8U76RXVB944
  • This is just an example becomes H59S7Y54CI6M7S2XX8A9

Why I want this

I am working on a project where the visitors can login to their own accounts (if they have one). As soon as they type in their email address and password, a unique code will generate based on the string (in a hidden input), so the website can identify the user and get the right data from the database.

Why do I want it?

I encrypt everything in the database with 256-bit AES and each user have their own encryption key. To identify the entered email address and password (which is encrypted with the websites encryption key until they login for the first time), this unique code (based on the string) will identify the login. To do the identification of the login with the websites encryption keys is therefore impossible. Hence my question.

This can maybe be a security risk since the unique code will be stored in the databased hashed in MD5 or Whirlpool, but I have no idea of how I can identify the login in another way. If you know a better way, please tell me.

So, how do I accomplish this? Is it even possible to do?

I know how to generate a unique code which is not based on the content (for an example, generating passwords), but I don't know how to generate a code that are unique based on the content.

chazsolo
  • 7,873
  • 1
  • 20
  • 44
Airikr
  • 6,258
  • 15
  • 59
  • 110
  • 6
    What you're describing *is* a hash function. – p.s.w.g Jan 23 '19 at 17:58
  • If you are going to do something like this, which seems very strange, the "code generation" from the email and password should be done on the server side, not the client side. – Taplar Jan 23 '19 at 17:59
  • Looks like you're re-inventing a wheel.. – Kosh Jan 23 '19 at 18:00
  • @KoshVery, it looks like he's reinventing the wheel, destroying it, erasing it from his memory, dying, coming back to life, and then reinventing the wheel. Again. – yaakov Jan 23 '19 at 18:14

1 Answers1

1

I don't know the purpose, but replying directly to your question on how to generate a unique code which is based on the content, you can have something like this

function symmetricEncode(content){
  var output = [];
  for (var i=0; i<content.length; i++){    
    output.push(String.fromCharCode(~ content[i].charCodeAt()));
  }
  return output.join("");
}

var string = "Hey you there";
var code = symmetricEncode(string);

console.log("string to code: ", string);
console.log("code: ", code);
console.log(typeof code);
console.log("decoded code: ", symmetricEncode(code));

This code is not merely a hash, because you can decode it, meaning it is unique, that is, for every input, you get an unique output

Other types of hashes (for example multiplying all the characters) do not fulfil these criteria, because for two different inputs you may get the same output (very unlikely though possible), not being then purely reversible. The ~ makes reference to the bitwise not operator.

João Pimentel Ferreira
  • 14,289
  • 10
  • 80
  • 109
  • Thank you. But is it possible to get a string out of the array? It feels kind of weird to save an array to the database :P – Airikr Jan 23 '19 at 18:48
  • @Erik yes, it is, I amended the question for that purpose – João Pimentel Ferreira Jan 23 '19 at 18:53
  • Nice edit. But the encoded string looks like this now: `ᄋレニ￟ニミハ￟ヒラレヘレ`. This is maybe a noob question, but is the `￟` sign friendly for the database? – Airikr Jan 23 '19 at 18:54
  • 1
    @Erik there is no problem with that, if you do `typeof code` the result will be a string. If you want the code to be restricted between `[a-z][A-Z]` it will be possible, but more complex – João Pimentel Ferreira Jan 23 '19 at 18:57
  • Thanks. But `typeof code` returns (literally) `string`. I want to have both big letters and numbers :) But I think it's better with lowercase and uppercase letters with numbers? – Airikr Jan 23 '19 at 19:05
  • @Erik unless you want something fancy to show, you _do not need_ letters and numbers on the coded string. Your database surely support normal string or utf-8, which is perfectly ok. You see `￟` because your browser cannot interpret that code into a character (maybe some odd strange Asian character, but it's still a valid character). If it were not correct, the last line of the code (`symmetricEncode(code)`) wouldn't work, and it _does work_ . – João Pimentel Ferreira Jan 23 '19 at 20:25
  • 1
    I want it to show like `27746TU8W38KR3A58P39`, but I'll keep it without `typeof code` for now. Many thanks for your help :) – Airikr Jan 23 '19 at 20:29
  • 1
    @Erik you can try this: https://stackoverflow.com/questions/7616461/generate-a-hash-from-string-in-javascript – João Pimentel Ferreira Jan 23 '19 at 20:34
  • Many thanks once more! One tiny issue though. `code.hashCode()` returns `-864702016`. Why minus at the beginning? – Airikr Jan 23 '19 at 20:38
  • 1
    @Erik it's just the output of the unique hash for that string, the sign is not relevant – João Pimentel Ferreira Jan 23 '19 at 20:41