Symmetric encryption of IDs at the edge. Optional embedded HMAC. Optional text e... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		inopinatus 47 days ago \| parent \| context \| favorite \| on: Exploring PostgreSQL 18's new UUIDv7 support Symmetric encryption of IDs at the edge. Optional embedded HMAC. Optional text encoding. For monotonic bigserial values I'm somewhat fond of base58(AES_K1(id{8} \|\| HMAC_K2(id{8})[0..7])) with purpose/table-salted HKDF subkeys from a scrypt'd system passphrase. The hot path of this is pretty fast. As with all cryptographic solutions it comes with a whole new jungle of pitfalls, caveats, and tradeoffs, but it works.

morshu9001 46 days ago [–]

How big would the resulting public ID be?

inopinatus 46 days ago | [–]

That depends on exact scheme and text encoding, but in the example I give above, they are 22 characters, and I will even pad them in the text encoder for length consistency.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact