I'm not sure whether I'm doing something wrong, but in an initial test of the code using the numbers in the readme, the mappings I get are:

0       =>1163945558    =>0
1       =>458047115     =>0
2       =>2033899500    =>0
3       =>1609067713    =>4
4       =>1037370658    =>0
5       =>327342599     =>0
6       =>1886417784    =>8
7       =>1448937565    =>8
8       =>873111742     =>0
9       =>184056211     =>16

The code that I'm using to generate this simply encodes the integer and then decodes it again:

<?php

require __DIR__.'/vendor/autoload.php';

use Jenssegers\Optimus\Optimus;

$optimus = new Optimus(1580030173, 59260789, 1163945558);

for($i = 0; $i < 10; $i++)
{
        $enc = $optimus->encode($i);
        echo $i . "\t=> " . $enc . "\t=> " . $optimus->decode($enc) . "\n";
}

I then used spark to generate a different triplet of parameters corresponding to new Optimus(297501427, 217343547, 139284431) and got:

0       => 139284431    => 0
1       => 435604796    => 0
2       => 725240361    => 0
3       => 1031784214   => 0
4       => 1319322627   => 0
5       => 1357169008   => 0
6       => 1646812797   => 0
7       => 1953356650   => 0
8       => 93411415     => 8
9       => 400217412    => 16

Also, for me, both the README and spark generated parameters fail the test on the README and give (PRIME * INVERSE) & MAXID = 0. Is there perhaps a step I have missed or a particular PHP plugin I need to have active for it to work?

This PR is in regards to #35

Currently Optimus only supports encoding of integers up to 2^31-1 (e.g. 0 to 2147483647). This PR allows you to choose a different range for Optimus to use.

This is done by specifying a bit length, where the default bit length is 31, (to preserve current behaviour.) For example, the following will setup Optimus for 48 bit integers (e.g. 0 to 281474976710655).

$ php bin/optimus spark --bits 48
Prime: 59927384369137
Inverse: 166258800519441
Random: 3091726089
Bits: 48

    new Optimus(59927384369137, 166258800519441, 3091726089, 48);

The method for encoding values only works where the maximum integer is a power of 2, which is why the argument for initialising Optimus is bits rather than a maximum integer. (Please correct me if I'm wrong about the maths Optimus uses not working with arbitrary integer ranges.)

On the command line you cannot specify a bit length of 63 or higher -- the system breaks with numbers that large.

The one change I would like to make, but have not to preserve current logic, is for Optimus::encode() to throw an exception if you attempt to encode an integer greater that the bit length would allow. Or at least trigger a warning. This is because people may be encoding values without realising they may decode to a different value.

If the PR is tentatively accepted, I will also update the README.md.

I'm very open to any suggested revisions, or suggestion for a completely different strategy.

Hi @jenssegers

Highlights

• Remove support for EOL php versions (7.0, 7.1, 7.2, 7.3)
• See package usage stats here
• Upgrade phpunit to 9.x
• Test on php 8.1 as well
• Remove support for symfony/console v3 and v4
• Allow symfony/console v6.x

Thanks.

Not sure why this is happening, but I just installed Optimus in a fresh Laravel 5.1 install and once I run php vendor/bin/optimus spark.

This is the result

SRC_DIR="`pwd`"
cd "`dirname "$0"`"
cd '../jenssegers/optimus'
BIN_TARGET="`pwd`/optimus"
cd "$SRC_DIR"
"$BIN_TARGET" "$@"

And I don't see any number being generated. Running the command directly from vendor/bin does not help.

Hi

Could you please split out the generation logic of the spark command into a separate class so that it can be called from elsewhere more easily?

I'm building a Laravel wrapper for Optimus.

Thanks.

Hi,

I've been looking for a decent, basic explanation about hashing, but it's a bit hard to find. I know that generating random values will always have a chance to return duplicate results. MD5 hashes, for example are also random, but not unique...

My big question is if this also applies to the method of hashing that you use. Will there be even the slightest chance that the resulting hash of value X will be the same as the hash of value Y?

Is there a certain rule behind this idea? Is there a requirement of the amount of possible character combinations used for the resulting hash (like hashids uses a pool of characters instead of just numbers) versus the number of characters in the original value?

Or should I always check the database for duplicates?

I hope someone can shine a light on this for me... :)

As suggested previously in #9 .

Derived packages can as such use a consistent number generation logic instead of needing to define it themselves.

Since this package already includes "Optimus" and its life essence "Spark", I thought "Energon" (Transformer's fuel) would be a great addition :-)

Note that the optimus phar still needs to be rebuilt.

Hi @jenssegers ,

Ref #56

Lets replace Travis-ci with GitHub actions.

Highlights

• Update phpunit testcases - replace deprecated methods
• Fix readme.md markdown
• Add download count badge
• Test on php 8.0 (skip coverage for now)

Will try to fix any failing test.

Next todos

• Allow symfony/console v6.x
• Remove support for less than php 7.4
• Test on php 8.1
• Test with phpunit v9

Thanks

Hi @jenssegers,

Lets replace travis-ci with GitHub actions.

There are few warning in logs

assertInternalType() is deprecated and will be removed in PHPUnit 9. Refactor your test to use assertIsInt() instead.

i can fix them, but first let me know if you are willing to merge this PR.

Hello,

I was using a base64+sodium crypt for "hiding" the IDs. The only issue is that base64 is not "URL friendly". I ran the benchmark and it was a big surprise seeing that Optimus+GMP is quite slow in comparison with my approach. With de-obfuscation is a little worse than obfuscation.

Is there a reason why we should not be using the native implementation for integers ?

Optim (php): 2.5046479701996
Optim (gmp): 4.8686540126801
Crypt+Base:  2.9968030452728
SHA1:        1.3528130054474
MD5:         1.3124771118164

Environment:

# Ubuntu
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial

# PHP
libgmp10/xenial,now 2:6.1.0+dfsg-2 amd64 [installed]
php7.2-gmp/xenial,now 7.2.13-1+ubuntu16.04.1+deb.sury.org+1 amd64 [installed]

# GMP Version
GMP_VERSION=6.1.0

Code:

<?php

require __DIR__ . '/../../vendor/autoload.php';

$salt  = base64_decode('54b20855074befc5a7fa7b93a6925a7d96748fd4');
$nonce = base64_decode('SjIwnGuPPGV3g8tSCx6d6+ov8svAWm0p');
$key   = base64_decode('nZZ/WZIr2M4amGAZ2qpccID2T2gX74Q8bDv3uXWV6/Q=');

$optimus = new \Jenssegers\Optimus\Optimus(1752266083, 78885963, 324523680);

$t0 = microtime(true);
for ($i=0; $i<1000000; $i++) {
    $optimus->encode(1000);
}

$t1 = microtime(true);
$optimus->setMode('gmp');
for ($i=0; $i<1000000; $i++) {
    $optimus->encode(1000);
}

$t2 = microtime(true);
for ($i=0; $i<1000000; $i++) {
    base64_encode(sodium_crypto_secretbox($salt . '1000', $nonce, $key));
}

$t3 = microtime(true);
for ($i=0; $i<1000000; $i++) {
    sha1(1000);
}

$t4 = microtime(true);
for ($i=0; $i<1000000; $i++) {
    md5(1000);
}

$t5 = microtime(true);

echo 'Optim (php): ' . ($t1 - $t0) . "\n";
echo 'Optim (gmp): ' . ($t2 - $t1) . "\n";
echo 'Crypt:       ' . ($t3 - $t2) . "\n";
echo 'SHA1:        ' . ($t4 - $t3) . "\n";
echo 'MD5:         ' . ($t5 - $t4) . "\n";

The last released Laravel has updated his internal dependencies based on Symfony to the 5.* series, including the console.

As for this library, it still requires the 3.0 && 4.0 series, preventing to upgrade the framework.

For what I could see in the library, the only exception is the InvalidPrimeException, which extends from RangeException, which extends from RuntimeException, which extends from Exception, which at last implements the Throwable interface. Being that the only requirement (AFAIK), this can be satisfiable by just adding |^5.0 to the composer.json file under the symfony/console dependency.

Happy to PR it if you're busy

Error with PHP 8.1.11 on this line https://github.com/jenssegers/optimus/blob/a062ac06598e72a25a17ea6cba87f9e02d07b1bc/src/Optimus.php#L68, e.g.

Implicit conversion from float 3.802099463828355E+21 to int loses precision

Hi, thanks for this package!

I'm looking at this as an alternative to Hashids, which I'm avoiding due in part to:

Clearly if you have access to the salt, it is trivial to calculate the function in either direction so the basis for proving or disproving property 2 lies in how easy it is for an attacker to discover the secret salt.

and

" anyone using this library should assume that id's encoded by this library are fully reversible and as such it offers no security over using the raw integer ids.

source: https://carnage.github.io/2015/08/cryptanalysis-of-hashids:

With Knuth's integer hash, it seems like it would be impossible (or at least a few orders of magnitude more difficult) for an attacker to determine the prime number, inverse, and random number and defeat the obfuscation.

Am I correct in assuming this?

I couldn't find anything discussing this online. Are you aware of any research or discussion on this topic?

Obviously key obfuscation of any kind is no guarantee of security, and I have to develop the application such that it ultimately doesn't matter if an attacker gets a real id. That said, it would make me feel better to have a sense of just how hard this obfuscation would be to break, especially relative to Hashids.

Thank you for any info you can provide!

Hi!

I like to use Optimus as an easy way to obfuscate Ids. I don't like to configure it every time.

It would be great to have a Symfony-Flex recipe that would provide an autowireable service with pre-configured random values. A ParamConverter could also be provided by the recipe.

I have adopted Optimus assuming it would support integers up to 2^32-1.

Is there a technical reason why it is limited to 2^31-1? Is it that the method only works when the max integer is prime number?

I would be happy to submit a PR to make the range configurable. But I don't fully understand the maths to know if there's a logical problem with this.

In terms of the maths, why is a large prime preferred over a small prime?

I need some level of control over the generated integer length. I don't know if this is even possible as I don't see any updates on https://github.com/jenssegers/optimus/issues/15. If a fixed length is not possible, maybe a minimum length can be easier to implement?