I built a web application that is going to launch a beta test soon. I would really like to hand out beta invites and keys that look nice.
i.e. A3E6-7C24-9876-235B
This is around 16 character, hexadecimal digits.
It looks like the typical beta key you might see.
My question is what is a standard way to generate something like this and make sure that it is unique and that it will not be easy for someone to guess a beta key and generate their own.
I have some ideas that would probably work for beta keys:
- MD5 is secure enough for this, but it is long and ugly looking and could cause confusion between 0 and O, or 1 and l.
- I could start off with a large hexadecimal number that is 16 digits in length. To prevent people from guessing what the next beta key might be increment the value by a random number each time. The range of numbers between 1111-1111-1111-1111 and eeee-eeee-eeee-eeee will have plenty of room to spare even if I am skipping large quantities of numbers.
I guess I am just wondering if there is a standard way for doing this that I am not finding with google. Is there a better way?
The canonical “unique identifying number” is a uuid. There are various forms – you can generate one from random numbers (version 4) or from a hash of some value (user’s email + salt?) (versions 3 and 5), for example.
Libraries for java, python and a bunch more exist.
PS I have to add that when I read your question title I thought you were looking for something cool and different. You might consider using an “interesting” word list and combining words with hyphens to encode a number (based on hash of email + salt). That would be much more attractive imho: “your beta code is secret-wombat-cookie-ninja” (I’m sure I read an article describing an example, but I can’t find it now).