I’m working on a little side project, an online casino wallet system, where one of the things I’m doing is generating a random number and handing it out to each player that joins. This random number acts as the key to an HMAC that generates a hash based on, at first, the player’s identity. The resulting hash is the player’s first wallet identifier. The entire point of doing all this is to reduce the chance of someone guessing the identity of the player’s wallet. Only if they knew this random number, the HMAC algorithm used, and the player’s identity would they be able to deduce the first wallet’s identity. Each time I exchange a player’s wallet for a new wallet I can either use the random number and the old wallet identity to compute the next wallet identity, or I can generate a new random number, use a different HMAC algorithm, and use the old wallet identity in the process. Another advantage is that the wallet identity generation is deterministic.
I’m neither a security expert nor a mathematical genius, which makes me wonder if this approach is even sane. I’m sensing a pattern or somewhat more formal prior art, but I honestly would not know where to look first. I’d gladly take any feedback or pointers on all this.
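The scheme described in the question, written out as an added example (not code from the original post): a per-player random key, HMAC over the player identity for the first wallet id, and HMAC over the previous wallet id for each exchange. It assumes HMAC-SHA256, a 32-byte key from the OS CSPRNG, hex-encoded wallet ids and a constructed identity string; the assertions at the end show the two properties the post relies on, determinism under one key and unlinkability between keys.

```python
import hmac
import secrets

# Assumed choices (not stated in the post): HMAC-SHA256 and a 32-byte key
# drawn from the operating system CSPRNG via the secrets module.
HASH_NAME = "sha256"
KEY_BYTES = 32


def new_player_key() -> bytes:
    """The per-player random number that serves as the HMAC key."""
    return secrets.token_bytes(KEY_BYTES)


def first_wallet_id(player_key: bytes, player_identity: str) -> str:
    """First wallet identifier: HMAC(key, player identity), hex encoded."""
    return hmac.new(player_key, player_identity.encode("utf-8"), HASH_NAME).hexdigest()


def next_wallet_id(player_key: bytes, previous_wallet_id: str) -> str:
    """Next wallet identifier: HMAC(key, previous wallet id), i.e. the
    same key with the old wallet identity as the message."""
    return hmac.new(player_key, previous_wallet_id.encode("utf-8"), HASH_NAME).hexdigest()


def wallet_chain(player_key: bytes, player_identity: str, length: int) -> list:
    """Rebuild the whole sequence of wallet ids from key and identity.
    Because the derivation is deterministic, anyone holding the key can
    recompute every wallet id a player has ever had."""
    ids = [first_wallet_id(player_key, player_identity)]
    for _ in range(length - 1):
        ids.append(next_wallet_id(player_key, ids[-1]))
    return ids


def same_wallet_id(presented: str, expected: str) -> bool:
    """Compare a presented wallet id in constant time."""
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    key = new_player_key()                      # constructed sample key
    chain = wallet_chain(key, "player-42", 3)   # constructed sample identity
    assert chain == wallet_chain(key, "player-42", 3)          # deterministic
    assert wallet_chain(new_player_key(), "player-42", 3)[0] != chain[0]  # new key, unlinkable
    print("\n".join(chain))
```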