My use of UUIDs as DB keys has nothing to do with security. Just global uniqueness. The term UUID doesn't imply any security.
On Mon, Aug 6, 2012 at 9:29 PM, Tim Caswell <[email protected]> wrote: > Isaac is correct. Date.now is pretty guessable from a security standpoint > and so is Math.random. I was suggesting it for cases where that's not an > issue. > On Aug 6, 2012 8:11 PM, "Isaac Schlueter" <[email protected]> wrote: > >> That looks like I was responding to Mark Hahn's commnet about sorting; I >> wasn't. >> >> Of course it's fine to put the date on there *also*, but my point is >> merely that (Date.now() + Math.random()) is not sufficiently random to >> call it a uuid. >> >> On Mon, Aug 6, 2012 at 6:09 PM, Isaac Schlueter <[email protected]> wrote: >> > Math.random() is not cryptographically secure entropy, and Date.now() >> > is extremely guessable. If you are worried about someone *wanting* to >> > cause collisions, then that's not so great. >> > >> > If you don't care about the IETF, and you are writing your program in >> > Node, then the simplest approach is something like: >> > >> > var uuid = crypto.randomBytes(24).toString('base64') >> > >> > To do it asynchronously (since the crypto ops are a little slow): >> > >> > crypto.randomBytes(24, function (er, bytes) { >> > var uuid = bytes.toString('base64') >> > }) >> > >> > Make the number bigger or smaller to adjust the amount of entropy. >> > >> > Note that IETF uuids are "only" 16 bytes of entropy, so if you do want >> > IETF-style uuids, you can do this: >> > >> > var uuid = crypto.randomBytes(16).toString('hex') >> > var ietfStyle = uuid.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, >> > '$1-$2-$3-$4-$5') >> > >> > I'm going to be moving npm to just use base64 random bytes for salt >> > eventually, just never got around to it. >> > >> > >> > On Mon, Aug 6, 2012 at 4:02 PM, Mark Hahn <[email protected]> wrote: >> >> The advantage of starting off with the time is that the UUIDs sort by >> order >> >> generated which is useful for DB ids. Coding a time into base 36 is a >> bit >> >> dangerous though as it may not sort right at some time in the future. >> That >> >> time may be centuries from now, not sure. Sorting by hex is known to >> be far >> >> in the future. >> >> >> >> >> >> On Mon, Aug 6, 2012 at 3:56 PM, Mark Hahn <[email protected]> wrote: >> >>> >> >>> FWIW, here is the code to exactly match couchdb. >> >>> >> >>> UUID = -> '0' + (new Date().getTime() * 1e3).toString(16) + >> >>> Math.floor(Math.random() * 1e18).toString(16) >> >>> >> >>> >> >>> On Mon, Aug 6, 2012 at 3:43 PM, Rick Waldron <[email protected]> >> >>> wrote: >> >>>> >> >>>> On Mon, Aug 6, 2012 at 6:28 PM, Mark Hahn <[email protected]> wrote: >> >>>>> >> >>>>> That isn't a hack. It is almost a copy of what couchdb offers. I >> use >> >>>>> it all the time. >> >>>> >> >>>> >> >>>> One is an IETF (RFC) and the other isn't. >> >>>> >> >>>> http://www.ietf.org/rfc/rfc4122.txt >> >>>> >> >>>>> >> >>>>> >> >>>>> On Mon, Aug 6, 2012 at 2:17 PM, Ted Young <[email protected]> >> >>>>> wrote: >> >>>>>> >> >>>>>> Thanks for the feedback, glad to know I found the defacto solution. >> >>>>>> Tim, that's funny, your hack is more or less what I started with, >> but I >> >>>>>> became suspicious that it was too easy somehow. Maybe I'll switch >> back to >> >>>>>> that if file-size/performance becomes an issue (which it won't). >> >>>>>> >> >>>>>> Ted >> >>>>>> >> >>>>>> On Aug 6, 2012, at 8:27 PM, Tim Caswell <[email protected]> >> wrote: >> >>>>>> >> >>>>>> Depending on how strict your requirements are, I often just use: >> >>>>>> >> >>>>>> Date.now.toString(36) + "-" + (Math.random() * >> >>>>>> 0x10000000).toString(36) >> >>>>>> >> >>>>>> Date.now is unique every ms and Math.random has a keyspace of >> 2^32, so >> >>>>>> collisions are statistically impossible in most practical >> >>>>>> applications. >> >>>>>> >> >>>>>> >> >>>>>> On Mon, Aug 6, 2012 at 1:01 PM, Rick Waldron < >> [email protected]> >> >>>>>> wrote: >> >>>>>> >> >>>>>> >> >>>>>> On Monday, August 6, 2012 at 1:38 PM, Martin Cooper wrote: >> >>>>>> >> >>>>>> On Mon, Aug 6, 2012 at 10:28 AM, Ted Young <[email protected] >> > >> >>>>>> wrote: >> >>>>>> >> >>>>>> Hey y'all, >> >>>>>> >> >>>>>> So, I have a need for global unique id's. Googling about, I've >> found >> >>>>>> the >> >>>>>> following implementations that seem decent: >> >>>>>> >> >>>>>> https://github.com/broofa/node-uuid >> >>>>>> >> >>>>>> >> >>>>>> FWIW, this is the package that npm uses. >> >>>>>> >> >>>>>> +1 >> >>>>>> >> >>>>>> I've been using Robert Keiffer's impl in projects since before it >> was >> >>>>>> even >> >>>>>> on npm—I consider it a "go to" >> >>>>>> >> >>>>>> Rick >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Martin Cooper >> >>>>>> >> >>>>>> >> >>>>>> https://gist.github.com/1308368 >> >>>>>> >> >>>>>> Not really sure why I would pick one over the other (besides file >> >>>>>> size), or >> >>>>>> if there are any js-specific issues I should be aware of. Any >> advice? >> >>>>>> >> >>>>>> Cheers, >> >>>>>> >> >>>>>> Ted >> >>>>>> >> >>>>>> -- >> >>>>>> Job Board: http://jobs.nodejs.org/ >> >>>>>> Posting guidelines: >> >>>>>> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>>> You received this message because you are subscribed to the Google >> >>>>>> Groups "nodejs" group. >> >>>>>> To post to this group, send email to [email protected] >> >>>>>> To unsubscribe from this group, send email to >> >>>>>> [email protected] >> >>>>>> For more options, visit this group at >> >>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Job Board: http://jobs.nodejs.org/ >> >>>>>> Posting guidelines: >> >>>>>> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>>> You received this message because you are subscribed to the Google >> >>>>>> Groups "nodejs" group. >> >>>>>> To post to this group, send email to [email protected] >> >>>>>> To unsubscribe from this group, send email to >> >>>>>> [email protected] >> >>>>>> For more options, visit this group at >> >>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Job Board: http://jobs.nodejs.org/ >> >>>>>> Posting guidelines: >> >>>>>> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>>> You received this message because you are subscribed to the Google >> >>>>>> Groups "nodejs" group. >> >>>>>> To post to this group, send email to [email protected] >> >>>>>> To unsubscribe from this group, send email to >> >>>>>> [email protected] >> >>>>>> For more options, visit this group at >> >>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Job Board: http://jobs.nodejs.org/ >> >>>>>> Posting guidelines: >> >>>>>> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>>> You received this message because you are subscribed to the Google >> >>>>>> Groups "nodejs" group. >> >>>>>> To post to this group, send email to [email protected] >> >>>>>> To unsubscribe from this group, send email to >> >>>>>> [email protected] >> >>>>>> For more options, visit this group at >> >>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Job Board: http://jobs.nodejs.org/ >> >>>>>> Posting guidelines: >> >>>>>> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>>> You received this message because you are subscribed to the Google >> >>>>>> Groups "nodejs" group. >> >>>>>> To post to this group, send email to [email protected] >> >>>>>> To unsubscribe from this group, send email to >> >>>>>> [email protected] >> >>>>>> For more options, visit this group at >> >>>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>>> >> >>>>> >> >>>>> -- >> >>>>> Job Board: http://jobs.nodejs.org/ >> >>>>> Posting guidelines: >> >>>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>>> You received this message because you are subscribed to the Google >> >>>>> Groups "nodejs" group. >> >>>>> To post to this group, send email to [email protected] >> >>>>> To unsubscribe from this group, send email to >> >>>>> [email protected] >> >>>>> For more options, visit this group at >> >>>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>>> >> >>>> >> >>>> -- >> >>>> Job Board: http://jobs.nodejs.org/ >> >>>> Posting guidelines: >> >>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups "nodejs" group. >> >>>> To post to this group, send email to [email protected] >> >>>> To unsubscribe from this group, send email to >> >>>> [email protected] >> >>>> For more options, visit this group at >> >>>> http://groups.google.com/group/nodejs?hl=en?hl=en >> >>> >> >>> >> >> >> >> -- >> >> Job Board: http://jobs.nodejs.org/ >> >> Posting guidelines: >> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >> You received this message because you are subscribed to the Google >> >> Groups "nodejs" group. >> >> To post to this group, send email to [email protected] >> >> To unsubscribe from this group, send email to >> >> [email protected] >> >> For more options, visit this group at >> >> http://groups.google.com/group/nodejs?hl=en?hl=en >> >> -- >> Job Board: http://jobs.nodejs.org/ >> Posting guidelines: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> You received this message because you are subscribed to the Google >> Groups "nodejs" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nodejs?hl=en?hl=en >> > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
