 

SecureRandom.uuid vs UUID gem

Tags: uuid, ruby

Is there a difference between Ruby's SecureRandom.uuid (Ruby 1.9.3) and the UUID gem? Is the UUID gem the "old" way of doing things?

From the docs I gather that the gem is more "safe" to be a real unique UUID while SecureRandom.uuid is more of a random string which has a larger chance of not being unique. In addition UUID seems to allow a file-based persistence to assist with this.

So I was hoping to hear from some people with more insight than me into this.

Dmitriy Likhten asked May 20 '13 13:05


People also ask

Is SecureRandom UUID unique?

SecureRandom.uuid generates a v4 random UUID (Universally Unique IDentifier). The version 4 UUID is purely random (except the version). It doesn't contain meaningful information such as MAC address, time, etc.

What is SecureRandom hex?

SecureRandom.hex generates a random hexadecimal string. The argument n specifies the length, in bytes, of the random number to be generated. The length of the resulting hexadecimal string is twice n. If n is not specified or is nil, 16 is assumed.


1 Answer

There are several methods of generating a UUID.

Wikipedia does a good job of listing them out.

http://en.wikipedia.org/wiki/Universally_unique_identifier

v4 UUIDs:

The key idea about random is that it is actually very hard to generate when relating to encryption. Most random number generators are a math formula that just needs to LOOK random, and that works fine for most applications. Many programs will use $pid | time to generate a random seed.

Which is not very promising... I know what time the request was generated and there are only 65,534 pids. I can figure out the random seed from that.

So, if you seed your UUIDv4 number generator at the exact same time (same second) with $pid | time() across 100 machines with the PID numbers, then you have (I guess) a 100/65536 chance of duplication. This could be done fairly easily like this:

   # restart the service on every machine in the list at (nearly) the same moment
   for MACH in $(cat machine_list); do ssh "$MACH" "restart something" & done

SecureRandom:

The code from SecureRandom tries openssl, then /dev/urandom, then win32...

When reading from /dev/urandom, it's very random, but if there isn't enough chaos in the system, urandom will make stuff up to supply random data. When reading from /dev/random, it's VERY random, and if there isn't enough chaos, /dev/random will block.

UUID:

The UUID gem uses rand()

   r = [rand(0x100000000)].pack "N"

for the mac address.

UUID also does not supply v4 UUIDs :)

Practically, if I ever have an md5 or uuid collision I am buying a lottery ticket!

Daniel answered Oct 04 '22 11:10
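
The seed collision the answer describes, as an added Ruby example (not code from the answer, from SecureRandom, or from the UUID gem): v4-formatted UUIDs drawn from a PRNG seeded with pid | time repeat across machines started in the same second, while SecureRandom.uuid does not. The helper names, PIDs and timestamp are constructed for illustration; the example also shows that the OR can map different PIDs to the same seed.

```ruby
require 'securerandom'

V4_PATTERN = /\A\h{8}-\h{4}-4\h{3}-[89ab]\h{3}-\h{12}\z/

# Hypothetical helper: format 16 raw bytes as a version-4 UUID by forcing
# the version nibble to 4 and the variant bits to 10xx.
def format_v4(raw)
  b = raw.bytes
  b[6] = (b[6] & 0x0f) | 0x40
  b[8] = (b[8] & 0x3f) | 0x80
  hex = b.pack('C*').unpack1('H*')
  [hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12]].join('-')
end

# Weak generator (assumption for illustration): Ruby's Mersenne Twister
# seeded with pid | time, the seeding scheme the answer describes.
def weak_uuid_generator(pid, epoch_seconds)
  prng = Random.new(pid | epoch_seconds)
  -> { format_v4(prng.bytes(16)) }
end

# One array of UUIDs per machine, all started in the same second.
def simulate_fleet(pids, epoch_seconds, per_machine: 3)
  pids.map do |pid|
    gen = weak_uuid_generator(pid, epoch_seconds)
    Array.new(per_machine) { gen.call }
  end
end

def duplicate_count(uuids)
  uuids.size - uuids.uniq.size
end

RESTART_TIME = 1_369_055_100     # constructed timestamp (low 16 bits are 0x1F7C)
PIDS = [4321, 4321, 4096, 2048]  # constructed; 4096 and 2048 are absorbed by the OR

if __FILE__ == $PROGRAM_NAME
  weak = simulate_fleet(PIDS, RESTART_TIME).flatten
  secure = Array.new(weak.size) { SecureRandom.uuid }
  puts "weak:   #{duplicate_count(weak)} duplicates in #{weak.size} UUIDs"
  puts "secure: #{duplicate_count(secure)} duplicates in #{secure.size} UUIDs"
end
```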