This post is auto-generated from RSS feed
The Rust Programming Language Forum - Latest topics. Source:
Reverse_resonance_id: self-checking symmetric tokens (baseline/HMAC/salt+iter), CLI + benches
I’ve published reverse_resonance_id — a small Rust crate for generating and verifying self-checking symmetric tokens based on a simple idea: take n (user_id), square it (n²), and pair the decimal string with its reverse, then attach a fast integrity/auth tag.
Links
What and why
- Formats encode n² and its reversed decimal string, so we can cheaply detect tampering.
- Three schemes, depending on your needs:
- Baseline: CRC32 + truncated Blake2s (fast, readable).
- HMAC: HMAC(Blake2s) with configurable tag length (authenticated).
- Salt+Iter: keyless, one-way hardness via iterated Blake2s (configurable time cost).
- Goals: correctness, safety, speed, simple integration. No unsafe. MSRV 1.70+.
Token formats
- Baseline: ---
- HMAC: --<hmac_blake2s_hex_len>
- Salt+Iter: --<salt_hex>--
Payload is "{n2}|{rev}" (bytes), all hex is lowercase.
Quick start (API)
use reverse_resonance_id::{make_token_baseline, validate_token_baseline};
#[cfg(feature = "hmac")]
use reverse_resonance_id::{make_token_hmac, validate_token_hmac};
#[cfg(feature = "salt-iter")]
use reverse_resonance_id::{make_token_salt_iter, validate_token_salt_iter};
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Baseline
let t = make_token_baseline(33)?;
assert!(validate_token_baseline(t.as_str()));
// HMAC (tag 16 hex = 64 bits)
#[cfg(feature = "hmac")]
{
let key = hex::decode("00112233445566778899aabbccddeeff")?;
let th = make_token_hmac(33, &key, 16)?;
assert!(validate_token_hmac(th.as_str(), &key, 16));
}
// Salt+Iter (default salt=4 bytes, iters=2048)
#[cfg(feature = "salt-iter")]
{
let ts = make_token_salt_iter(33, 4, 2_048)?;
assert!(validate_token_salt_iter(ts.as_str()));
}
Ok(())
}
CLI
- Install: cargo install reverse_resonance_id --features cli
- Examples:
- rrid make --scheme baseline 33
- rrid make --scheme hmac --key 00112233445566778899aabbccddeeff --tag-len 16 33
- rrid make --scheme salt-iter --iters 2048 --salt-len 4 33
- rrid verify --scheme baseline
- JSON output with token, scheme, gen_time_ms; exit code 0 on success.
Performance (generate+verify throughput, release build, developer machine)
- Baseline (100k batch): ~595k tokens/sec
- HMAC (tag 16, 50k batch): ~506k tokens/sec
- Salt+Iter:
- 512 iters: ~7.9k tokens/sec
- 1024 iters: ~3.9k tokens/sec
- 2048 iters: ~2.0k tokens/sec
- 4096 iters: ~0.93k tokens/sec
Criterion benches are included if you want to reproduce.
Security notes
- Baseline is best for human-readable/low-risk integrity checks.
- HMAC requires a server-side secret; default 16-hex (64-bit) tags; consider 32-hex for stronger brute-force resistance. Optional zeroize feature for in-memory key erasure.
- Salt+Iter is keyless with time-hardening (DOS considerations apply). Default iters=2048, configurable.
- All hex outputs are lowercase; APIs compare safely for you.
Status
- Library + CLI + benches + docs are in place.
- Tests: unit + property + ignored bulk test; MSRV 1.70; no unsafe; MIT/Apache-2.0.
Feedback welcome
- API ergonomics and defaults (tag lengths, iters).
- Additional features: no_std, wasm, Ed25519 signatures behind feature flag, extra CLIs (e.g., batch verification).
- Real-world throughput numbers on your hardware.
Thanks!
1 post - 1 participant
Read full topic
🏷️ Rust_feed
