开发者

rails - Suggestion on coming up with a secure UUID

开发者 https://www.devze.com 2023-01-27 09:02 出处:网络
I need to create a unique ID to protect something 开发者_运维问答that is very secure. Right now in Rails I\'m doing:

I need to create a unique ID to protect something 开发者_运维问答that is very secure.

Right now in Rails I'm doing:

uuid = (UUIDTools::UUID.timestamp_create().to_s.gsub('-','') + UUIDTools::UUID.timestamp_create().to_s.gsub('-',''))

What are your thoughts on this method? Smart? Bad? Suggestions?

Thanks


If you want your identifiers to be unpredictable by any adversary, you will want to use a cryptographically strong pseudo-random number generator. In terms of bit size, 128 bites (or 16 bytes) is a good number.

# if using Ruby < 1.9:
require 'active_support/secure_random'

id = SecureRandom.random_bytes(16)

There are also the methods .hex, .base64, and .urlsafe_base64 for your convenience. These simply generate the corresponding number of random bytes, and then encode the random bytes in the appropriate scheme. For example, SecureRandom.hex(16) will give you 32 securely random hex characters.


UUIDs are not designed for strength of security, and shouldn't be a critical part of any security technique. See http://www.ietf.org/rfc/rfc4122.txt -- especially section 6.


It's difficult to prescribe a solution without more context around your question, but decent quality pseudorandom numbers are likely to be useful. In Rails, ActiveSupport::SecureRandom is handy for this.


It will generate a v4 random UUID (Universally Unique IDentifier) is pure unique across a large namespace for universal unique number to generate a ID in a database.

require 'securerandom'
UUID = SecureRandom.uuid
0

精彩评论

暂无评论...
验证码 换一张
取 消