How are MongoDB's ObjectIds generated?_问答_开发者

开发者 https://www.devze.com 2023-03-01 12:12 出处：网络

Are they somewhat random? I mean....would people be able to break th开发者_如何学编程em apart?They are not random and can be easily predicted :

相关专题：mongodb

Are they somewhat random?

I mean....would people be able to break th开发者_如何学编程em apart?

They are not random and can be easily predicted :

A BSON ObjectID is a 12-byte value consisting of a 4-byte timestamp (seconds since epoch), a 3-byte machine id, a 2-byte process id, and a 3-byte counter

http://www.mongodb.org/display/DOCS/Object+IDs

Heres a javascript implementation of the MongoDB ObjectID (http://jsfiddle.net/icodeforlove/rN3zb/)

function ObjectIdDetails (id) {
    return {
        seconds: parseInt(id.slice(0, 8), 16),
        machineIdentifier: parseInt(id.slice(8, 14), 16),
        processId: parseInt(id.slice(14, 18), 16),
        counter: parseInt(id.slice(18, 24), 16)
    };
}

So if you have enough of them they leak quite a bit of information about your infrastructure. And you also know the object creation dates for everything.

IE: how many servers do you have, and how many processes each server is running.

Generation

They are usually generated on the client side by the driver itself. For example, in ruby, BSON::ObjectID can be used:

https://github.com/mongodb/bson-ruby/blob/master/lib/bson/object_id.rb#L369

You can also generate your own ObjectIds. This is particularly useful if you want to use business identifiers.

Breakability

When using driver generated ObjectIds, is low
When using own business Id, is slightly higher depending on their predictability (login, consecutives identifiers...)

MongoDB database drivers by default generate an ObjectID identifier that is assigned to the _id field of each document. In many cases the ObjectID may be used as a unique identifier in an application.

ObjectID is a 96-bit number which is composed as follows:

a 4-byte value representing the seconds since the Unix epoch (which will not run out of seconds until the year 2106)

a 3-byte machine identifier (usually derived from the MAC address),

a 2-byte process id, and

a 3-byte counter, starting with a random value.

From the MongoDB Official Document links
it shows :

ObjectId
ObjectIds are small, likely unique, fast to generate, and ordered. ObjectId values consist of 12 bytes, where the first four bytes are a timestamp that reflect the ObjectId’s creation. Specifically:

a 4-byte value representing the seconds since the Unix epoch,
a 5-byte random value, and
a 3-byte counter, starting with a random value.
In MongoDB, each document stored in a collection requires a unique _id field that acts as a primary key. If an inserted document omits the _id field, the MongoDB driver automatically generates an ObjectId for the _id field.

Total 12 bytes:

4-byte timestamp value representing the seconds since the Unix epoch (which will not run out of seconds until the year 2106)
5-byte random value, and
3-byte incrementing counter, starting with a random value.

Example from mongo-go-driver:

    var objectId [12]byte

    // 4 bytes unix time-stamp second (big endian)
    binary.BigEndian.PutUint32(objectId[0:4], uint32(timestamp.Unix()))

    // global random number generated by driver 
    copy(objectId[4:9], processUnique[:])
    
    // global counter by driver
    putUint24(objectId[9:12], atomic.AddUint32(&objectIDCounter, 1))