
Obscure

Showing a steadily increasing sequence of integer IDs leaks information to customers, competitors, or malicious entities about the number and frequency of customers, inventory, or orders. Some examples include:

/customer/123
/order/308

From these, I would conclude that I am only your 123rd customer with the 308th order. How a customer or competitor feels about this will differ. However, the point is: do I really want others to know this information? In addition, by creating another account or order, I can estimate the rate of change within your systems.

This class will help obscure your sequential order by providing a reversible transformation to your numbers. By using different salts, your transformations will be unique. In addition, the class gives some output helpers for hex, base32, and base64. There is one I call 'tame', as it removes the letters i and u to eliminate some common offensive words.

Install

By far the simplest method is to use pip:

$ pip install obscure

Example

$ python -m obscure --bits=64 --demo 0 1 2

>>> from obscure import FeistelCipher, Encoder
>>> cipher = FeistelCipher(bits=64)
# For consistent transformations between instances, give a
# salt and small prime for the Feistel cipher's round function
>>> cipher = FeistelCipher(0x1234, 0xc101, bits=64)
>>> numeric_id = 1234
>>> cipher(numeric_id)
249699227
# Reverse the transformation
>>> cipher(cipher(numeric_id))
1234
# Use an Encoder to wrap the Feistel cipher
>>> encoder = Encoder(cipher, "base32")
>>> encoder.encode(numeric_id)
"XXX"
>>> encoder.decode("XXX")
1234
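
A minimal sketch of the kind of reversible transformation described above, added here as an illustration and not the obscure package's own code: a balanced Feistel network whose round function is HMAC-SHA256 keyed from a salt. The names `FeistelSketch`, `obscure`, `reveal`, `is_bijection`, the round count, and the salt values are assumptions made for this example.

```python
import hashlib
import hmac


class FeistelSketch:
    """Balanced Feistel permutation over integers that fit in `bits` bits."""

    def __init__(self, salt: bytes, bits: int = 64, rounds: int = 6):
        if bits <= 0 or bits % 2:
            raise ValueError("bits must be a positive even number")
        self.half = bits // 2
        self.mask = (1 << self.half) - 1
        self.limit = 1 << bits
        # One sub-key per round, derived from the salt (constructed scheme).
        self.keys = [hmac.new(salt, bytes([r]), hashlib.sha256).digest()
                     for r in range(rounds)]

    def _f(self, key: bytes, value: int) -> int:
        # Round function: keyed hash of one half, truncated to half width.
        # It does not need to be invertible; the XOR structure handles that.
        data = value.to_bytes((self.half + 7) // 8, "big")
        digest = hmac.new(key, data, hashlib.sha256).digest()
        return int.from_bytes(digest, "big") & self.mask

    def _run(self, n: int, keys) -> int:
        if not 0 <= n < self.limit:
            raise ValueError("value does not fit in the configured bit width")
        left, right = n >> self.half, n & self.mask
        for key in keys:
            left, right = right, left ^ self._f(key, right)
        # Final swap: reversing is then the same walk with the keys reversed.
        return (right << self.half) | left

    def obscure(self, n: int) -> int:
        return self._run(n, self.keys)

    def reveal(self, n: int) -> int:
        return self._run(n, self.keys[::-1])


def is_bijection(cipher: FeistelSketch, bits: int) -> bool:
    """Exhaustively check a small domain: no two inputs share an output."""
    return len({cipher.obscure(n) for n in range(1 << bits)}) == 1 << bits
```

Unlike the package's `cipher(cipher(n))` round trip shown above, this sketch uses separate `obscure` and `reveal` calls. The transformation hides counts and growth rates only; a URL such as `/order/<id>` still needs its own authorization check.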