What is the state of today's web browsers (Chrome, IE, Safari & Firefox) and their ability to create cryptographically strong UUIDs? In researching this question I have been unable to find anything definitive. I have come across info on stackoverflow and elsewhere that points to issues with Math.random but I would like to know what the current state of all this is.
UPDATE
As icktoofay pointed out, crypto.getRandomValues
is the way to do this. Unfortunately, support across browsers is limited. Is there a proven way to work around this? Are there any javascript libraries that tackle this problem?
Different versions of UUID follow the RFC 4122 specification. UUIDs are generated using an algorithm based on a timestamp and other factors such as the network address. Free tools to generate UUIDs include UUIDTools or Online UUID Generator.
Version 4 (random) A version 4 UUID is randomly generated. As in other UUIDs, 4 bits are used to indicate version 4, and 2 or 3 bits to indicate the variant (102 or 1102 for variants 1 and 2 respectively).
A Universally Unique Identifier (UUID) is a label used to uniquely identify a resource among all other resources of that type. Computer systems generate UUIDs locally using very large random numbers.
UUIDs are handy for giving entities their own special names, for example, in a database. There are several ways to generate them, including methods based on time, MAC addresses, hashes, and random numbers, but they make the same promise: no two are identical. Each one is unique across space and time.
In browsers that have it, you can use crypto.getRandomValues
to get cryptographically-secure pseudorandom values. For example:
var array = new Uint8Array(16);
crypto.getRandomValues(array);
You can then manipulate those bytes into a valid UUID.
Although this doesn't directly answer the original question, it might help someone looking for a library to help with UUID creation. For my current needs I have decided to use the node-uuid library. From the feature list:
Looking at the source it seems to accomplish this by using crypto.getRandomValues which is what @icktoofay suggested.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With