Randomally generated code

[BSaidus]

Hello.
I wonder if there such function exists. The function must generate code based on some what (date/datetime/time)
the code generated change every call to this function BUT, when the code exchanged to other machine (via TCP/IP)
then seconde machine must generate code using the same function and do comparison.


  [machine1] => code1 ---->(tcp/ip)----->[machine2] => code2
                      ==> (code1 = code2) ??
                     
I thought using datetime (the code change every 1 minute) to allow seconde machine to calculate the same value.

If someone have an idea, I'll be happy
thank you.

[Fibonacci]

OTP?

https://github.com/fibodevy/fpc-otp

[BSaidus]

Thanks, but the FPC 3.2.2 and 3.2.3 do not support

Code: Pascal  [Select][+][-]

1. reference to function

[Fibonacci]

Well, you can use the code at the commit before I removed the "Fundamentals" units for SHA1/SHA256:

https://github.com/fibodevy/fpc-otp/tree/fd38f66799d0ce2c1782eba73719242b721d2c49

[rvk]

If it's randomly generated on one machine... you should never be able to generate this on the second (otherwise it's not random).

What do you want to use this for?

Sending 202504281406 is also a code... with date and time and which can be re-generated on the other machine.
So you need to make clear what you want and where you want to use it for (or against).

[Thaddy]

You can use my UUIDv7 code for that. Actually that is what is is for,
It generates a UUID containing a timestamp in UTC, so that independent of location or time zone applications can exchange data, as long as the other side receives the same UUIDv7. The UUIDv7 has 74 bit random entropy apart from the timestamp and versioning, the random part can be used as a key and the time part for time based sorting.

[rvk]

The UUIDv has 74 bit random entropy apart from the timestamp and the random part can be used as a key and the time part for time based sorting.

Good luck re-generating that exact UUIDv with random part on another machine "EXACTLY".
That's what OP is asking... to re-generate code2 on a second machine where code1 = code2.

I don't see the point in doing this.

[Thaddy]

If the UUIDv7 is send to the other side it can get back the timestamp received, the exact information from, say, a database, the correct record. That's what this particular UUID is for. It is always incremental.

[rvk]

If the UUIDv7 is send to the other side it can get back the timestamp received, the exact information from, say, a database, the correct record. That's what this particular UUID is for. It is always incremental.

So it's not "random" like OP asked.

(see my point... there is no point in the question...)

[Fibonacci]

If the OP wants to secure the communication against replay attacks, just add a timestamp (or a counter) to the packet, and then add salted hash of the packet. But what he asked for sounded like OTP is the answer.

[BSaidus]

If the OP wants to secure the communication against replay attacks, just add a timestamp (or a counter) to the packet, and then add salted hash of the packet. But what he asked for sounded like OTP is the answer.

Thanks for this code, it works well.

Indeed, I want to secure communication with this code so the receiver can decode it (but It must change on every time I send data )
the code sent must change say every 10s MAX ( since the application is in local area).

@Thaddy
I'll try to play with it & see, thanks.

Anyway, the function I want, must calculate code in client side, then send data with this code, when the server application intercept, It do the same calculos with the same function and compare it with the code sent from the client. If it equals then OK.

Any other suggestion is welcom.
Thanks

[Thaddy]

If the UUIDv7 is send to the other side it can get back the timestamp received, the exact information from, say, a database, the correct record. That's what this particular UUID is for. It is always incremental.

So it's not "random" like OP asked.

(see my point... there is no point in the question...)

No I don't see the point: it is 74 bit secure random and changes per ms.

[rvk]

Anyway, the function I want, must calculate code in client side, then send data with this code, when the server application intercept, It do the same calculos with the same function and compare it with the code sent from the client. If it equals then OK.

Still not sure how the client, which receives the code, would check if the code is valid, and not from any other computer.

What is the function? So it's no problem if ANY computer can send such code, as long as it's calculated the same way??
(then you can just send 250428160410{+random number}, rounded at 10 seconds. anyone can do that and you can check that 'code')

Or are you trying to create some security? So only the client with some sort of key sends this data?
Because then you would also need to build in some public/private key part (or alike).

So the question is... is this for security... or just for sending a timestamp (within 10 seconds frame)?

[Thaddy]

Actually, you do not get it:
He needs predicatble timing together with strong random.

[rvk]

BUT, when the code exchanged to other machine (via TCP/IP)
then seconde machine must generate code using the same function and do comparison.

  [machine1] => code1 ---->(tcp/ip)----->[machine2] => code2
                      ==> (code1 = code2) ??

How can you ever do that if code1 is random?

Random implies random, so you can't regenerate it.
So you can never regenerate code2 to be the same as code1.
UNLESS code1 isn't really random.