SecureRandom.uuid vs UUID gem

Question

Is there a difference between ruby's SecureRandom.uuid (Ruby 1.9.3) and the UUID gem? Is the UUID gem the "old" way of doing things?

From the docs I gather that the gem is more "safe" to be a real unique UUID while SecureRandom.uuid is more of a random string which has a larger chance of not being unique. In addition UUID seems to allow a file-based persistence to assist with this.

So I was hoping to hear from some people with more insight than me into this.

Answer 1

There are several methods of generating a UUID.

Wikipedia does a good job of listing them out.

http://en.wikipedia.org/wiki/Universally_unique_identifier

v4 UUIDs:

The key idea about random, is that is actually very hard to generate when relating to encryption. Most random number generators are a math formula that just need to LOOK random and that works fine for most applications. Many programs will use $pid | time, to generate a random seed.

Which, is not very promising... I know what time the request was generated and there are only 65,534 pids. I can figure out the random seed from that.

So, if you seed your UUIDv4 number generator at the exact same time (same second) with $pid | time() across 100 machines with the PID numbers, then you have (I guess) a 100/65536 chance of duplication. This could be done fairly easily like this

for MACH in `cat machine_list`; do ; ssh $MACH -c "restart something" & ; done

SecureRandom:

The code from SecureRandom, tries openssl, the /dev/urandom, then win32...

When reading from /dev/urandom, it's very random, but if there isn't enough chaos in the system, urandom will make stuff up to supply random data. When reading from /dev/random, its' VERY random, and if there isn't enough chaos, /dev/random will block.

UUID:

The UUID gem uses rand()

   r = [rand(0x100000000)].pack "N"

for the mac address.

UUID also does not supply v4 UUIDs :)

Practically, if I ever have a md5 or uuid collision I am buying a lottery ticket!