ShadowID: Expose the Auto Increment ID to Public Without Compromising Security

I was tasked with updating our existing implementation, which uses the MySQL Auto Increment ID as the ID in the public API. The objective of this task is to prevent enumeration attacks while keeping the development effort to a minimum. The first thing that came to mind was to use a unique random ID like UUIDv4. However, since we are using MySQL as the database, indexing UUIDs has a significant performance impact due to their randomness and the locality problem of the B-Tree index....

October 28, 2023 · 10 min · 1995 words · Jose Sitanggang

A Simple Proof of XOR Uniqueness

I have a simple algorithm to conceal an auto-increment ID within a globally unique identifier such as UUIDv4, which involves XOR. The motivation behind this algorithm is to eliminate the predictability of the auto-increment ID when it's exposed in a URL. I could use UUIDs directly, but indexing UUIDs in MySQL has a significant performance impact. UUID is necessary for security, while the auto-increment ID is essential for performance. This algorithm combines the best of both worlds....

September 23, 2023 · 4 min · 675 words · Jose Sitanggang