SecureRandom.uuid vs UUID gem
Is there a difference between ruby's SecureRandom.uuid (Ruby 1.9.3) and the UUID gem? Is the UUID gem the "old" way of doing things?
From the docs I gather that the gem is more "safe" to be a real unique UUID while SecureRandom.uuid is more of a random string which has a larger chance of not being unique. In addition UUID seems to allow a file-based persistence to assist with this.
So I was hoping to hear from some people with more insight than me into this.
There are several methods of generating a UUID.
Wikipedia does a good job of listing them out.
http://en.wikipedia.org/wiki/Universally_unique_identifier
v4 UUIDs:
The key idea about random, is that is actually very hard to generate when relating to encryption. Most random number generators are a math formula that just need to LOOK random and that works fine for most applications. Many programs will use $pid | time, to generate a random seed.
Which, is not very promising... I know what time the request was generated and there are only 65,534 pids. I can figure out the random seed from that.
So, if you seed your UUIDv4 number generator at the exact same time (same second) with $pid | time() across 100 machines with the PID numbers, then you have (I guess) a 100/65536 chance of duplication. This could be done fairly easily like this
for MACH in `cat machine_list`; do ; ssh $MACH -c "restart something" & ; done
SecureRandom:
The code from SecureRandom, tries openssl, the /dev/urandom, then win32...
When reading from /dev/urandom, it's very random, but if there isn't enough chaos in the system, urandom will make stuff up to supply random data. When reading from /dev/random, its' VERY random, and if there isn't enough chaos, /dev/random will block.
UUID:
The UUID gem uses rand()
r = [rand(0x100000000)].pack "N"
for the mac address.
UUID also does not supply v4 UUIDs :)
Practically, if I ever have a md5 or uuid collision I am buying a lottery ticket!
链接地址: http://www.djcxy.com/p/91482.html上一篇: 偏执狂安全的UUID生成