rails - Suggestion on coming up with a secure UUID
I need to create a unique ID to protect something 开发者_运维问答that is very secure.
Right now in Rails I'm doing:
uuid = (UUIDTools::UUID.timestamp_create().to_s.gsub('-','') + UUIDTools::UUID.timestamp_create().to_s.gsub('-',''))
What are your thoughts on this method? Smart? Bad? Suggestions?
Thanks
If you want your identifiers to be unpredictable by any adversary, you will want to use a cryptographically strong pseudo-random number generator. In terms of bit size, 128 bites (or 16 bytes) is a good number.
# if using Ruby < 1.9:
require 'active_support/secure_random'
id = SecureRandom.random_bytes(16)
There are also the methods .hex
, .base64
, and .urlsafe_base64
for your convenience. These simply generate the corresponding number of random bytes, and then encode the random bytes in the appropriate scheme. For example, SecureRandom.hex(16)
will give you 32 securely random hex characters.
UUIDs are not designed for strength of security, and shouldn't be a critical part of any security technique. See http://www.ietf.org/rfc/rfc4122.txt -- especially section 6.
It's difficult to prescribe a solution without more context around your question, but decent quality pseudorandom numbers are likely to be useful. In Rails, ActiveSupport::SecureRandom is handy for this.
It will generate a v4 random UUID (Universally Unique IDentifier) is pure unique across a large namespace for universal unique number to generate a ID in a database.
require 'securerandom'
UUID = SecureRandom.uuid
精彩评论