I'm planning on using an md5 hash to confirm or not a secure operation, part of the hash original data is public, the other part is not:
partnerId : fixed 15 chars string (PUBLIC)
amount: int value, from 0 to 6500000 (PUBLIC)
transactionId: string, 5 to 30 chars (PUBLIC)
secure: string, yet to decide how long it needs to be. (PRIVATE)
The resulting hash is md5(partnerId.amount.transactionId.secure);
The secure constant is safe in my partner server and in my server, so in theory we are the only one that can replicate the hash. But I wonder how long needs to be the secure variable in order to keep the hash safe, how long in percentage terms compare to the public part of the hash, 80 private/20 public ? 50 / 50?
Is there maybe an equation to measure this?