Hacker News new | past | comments | ask | show | jobs | submit login
Hashids – Generate short hashes from numbers (hashids.org)
53 points by yildizbe on Aug 11, 2014 | hide | past | web | favorite | 29 comments

> use them as forgotten password hashes

Please don't.

The author tries to trick you into believing it is secure by including a salt. However the resulting key space of the "hash" gives you the same security as a 5-6 character alphanumeric password. A motivated attacker could enumerate all possibilities in a few hours.

You could use that argument to say 4-digit bank card PINs are really bad security - and you'd be right, except that they're always locked out after N attempts.

Why not the same approach here? if you try to brute force a password reset, you lock out further attempts for a few minutes.

You can then use this lockout for a denial of service attack.

oh no ... I am unable to change my (perfectly secure) password for ten minutes because an attacker is attempting to brute force my password reset. I'd regard that as a feature, not a bug.

you don't need to lock out the entire account.

Interesting. Effectively it's base62 encoding with a fixed salt. I think saying "encrypt" and "decrypt" is sort of misleading, even though you call the non-cryptographic nature of the hashing in the README files.

For my own products I do something a little different. Instead, when I create a record I generate a random number (with Ruby's SecureRandom module) and store the base32 encoding in the database. With the universe set at 1bil, this reliably generates a random 6 character string that I can safely show to the customer.

Edit: base62, not base82

You're storing 6-char base-32 values, so 1073741824 possibilities, but you've got 50-50 chance of collision after 38582 values - that's not a lot, the birthday paradox bites again! Using much larger random values or hashes gives you a better safety margin.

I also have a unique constraint on the value and re-run the generator if there's a collision.

That is something that hashid avoids.

> this reliably generates a random 6 character string that I can safely show to the customer

Are you sure about that? You might want to consider a smaller alphabet, with vowels and ambiguous letters/numerals (0/O, 1/l/I) omitted. That has two advantages: you won't accidentally generate an identifier containing meaningful words (notably profanity), and the identifiers become easier to unambiguously transcribe and interpret. And you'll still reliably get a 6-character identifier as long as you have at least 32 symbols to use.

That's a fair point. So far there hasn't been any transcribing necessary because I have the customers reply to their receipt emails if they have a problem, but that's definitely something to consider if you have to do phone support.

It's also useful for anything where they might retype the string. (Even if you tell them to copy/paste, some people will still retype.) Not that this necessarily applies to you, but for others considering similar schemes, avoiding I/1/l and such can be really handy.

Base82? You mean base62 - 26(letters) x 2 (other case) +10 (digits)? Or am I missing something?

Nope, you're exactly right. Need more coffee.


>For instance, suppose you issue a series of discount coupons. These could be identified by number: 1, 2, 3, 4, ... But of course anyone can fake the number, so you could disguise it with this encryption scheme. Because it's not a one-way hash, the number is recoverable from the coupon, by someone who knows the secret key. When you process the coupon, you decrypt the code, and invalidate that ID so the code can't be used again.

This sounds extremely over-engineered though. You have to have a database of all of the IDs to keep track of which ones are valid, right? If so, you just randomly generate the IDs rather than serializing + encrypting. There is no point in trying to hide information in the ID when it's essentially just a primary key into a database anyway.

If it is encryption and decryption why is it called 'hash'?

They explain that on their website.

Oh, I see:

>> A true cryptographic hash cannot be decrypted. However, to keep things simple the word hash is used loosely to refer to the random set of characters that is generated -- like a YouTube hash.


I've used the Blowfish cipher to obfuscate database IDs into youtube-like URLs. Blowfish has a small 64-bit blocksize which fits nicely into a base64'd URL param.

Hi, Hashids guy here. Thanks for all of your feedback. A few points: 1) a few updates are coming in the next few weeks (especially in the documentation department) 2) re: "use them as forgotten password hashes" comment <- we used to encode a primary id + a create date + a random throw-away int for the user record, and would end up with a url path similar to this: "/reset-password/Q9rsRKqbZ3Ckv" (yes shorter than md5 or bcrypt, also yes - would lock you out after N attempts; many ways to do it - use your own judgement) 3) version table is coming to show which lang implementations are not yet updated (but we'll try to get all on the same page anyway) 4) "encrypt/decrypt" is misleading and is being renamed to "encode/decode" in upcoming versions (I've had a few people try to pass strings and we've discouraged this since this is not an encryption library, that's my fault). Overall, this is not a project for every scenario, but is useful in its own tiny way. Comments/feedback is always welcome via github or the rest of the Internets. Thanks :)

I recently tried using this for a project but ended up switching. I don't really need the encryption ability. More of an issue though is that there is no way to force that the hashes are "short". If you use their example for hashing the default _id in Mongo, you'll end up with a fairly long hash. The only way I could get them short was to switch to an auto-increment starting at 1 and then they will remain short for as long as the number is small. This presented other issues and in the end I found ShortId [1] which made the whole process much simpler.

- [1] https://github.com/dylang/shortid

I mocked up something similar [1] a while ago, although operating on fixed-length integers instead of db keys and not designed with any regard for the "decryption" process. I'm curious if it's flawed in any significant way for the purpose of converting sequential ids into apparently-random distinct ids.

1. http://ideone.com/qLQHI5

I've been using this for a while now and I'm pretty happy with it. Java implementation of Crockford's Base32 algorithm for encoding simple numeric values:


I have an old blogpost around the same idea that many people contributed versions in different languages to: http://kvz.io/blog/2009/06/10/create-short-ids-with-php-like... Hope it's useful

If you don't need salts you can just use the inbuilt base64 functions:

   var numbers = [1, 2, 3,  4, 5];
   var encoded = btoa(''+numbers).replace(/=/g, '');
   var decoded = atob(encoded).split(',').map(Number);
   console.log(encoded, decoded);

If you need a short code the user will have to type the legibility is more important than the length, you can optimize for human input like this:


You still need to remove '5' and 'S'. I'd like a to see people use similar algorithms for mobile input. The two most important characteristics would be to be purely lowercase and to cluster numbers and letters to minimize keyboard switching.

I actually created something really similar, except with more options to fine tune the encoding/decoding process:


FYI the salt has a max size n - All salts longer than n are equivalent to using a salt of substr(salt, 0, n)

My only complaint is that not all the implementations yield the same results.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact