SecureRandom.uuid vs UUID gem
Sophia Terry 
Is there a difference between ruby's SecureRandom.uuid (Ruby 1.9.3) and the UUID gem? Is the UUID gem the "old" way of doing things?
From the docs I gather that the gem is more "safe" to be a real unique UUID while SecureRandom.uuid is more of a random string which has a larger chance of not being unique. In addition UUID seems to allow a file-based persistence to assist with this.
So I was hoping to hear from some people with more insight than me into this.
41 Answer
There are several methods of generating a UUID.
Wikipedia does a good job of listing them out.
v4 UUIDs:
The key idea about random, is that is actually very hard to generate when relating to encryption. Most random number generators are a math formula that just need to LOOK random and that works fine for most applications. Many programs will use $pid | time, to generate a random seed.
Which, is not very promising... I know what time the request was generated and there are only 65,534 pids. I can figure out the random seed from that.
So, if you seed your UUIDv4 number generator at the exact same time (same second) with $pid | time() across 100 machines with the PID numbers, then you have (I guess) a 100/65536 chance of duplication. This could be done fairly easily like this
for MACH in `cat machine_list`; do ; ssh $MACH -c "restart something" & ; doneSecureRandom:
The code from SecureRandom, tries openssl, the /dev/urandom, then win32...
When reading from /dev/urandom, it's very random, but if there isn't enough chaos in the system, urandom will make stuff up to supply random data. When reading from /dev/random, its' VERY random, and if there isn't enough chaos, /dev/random will block.
UUID:
The UUID gem uses rand()
r = [rand(0x100000000)].pack "N"
for the mac address.
UUID also does not supply v4 UUIDs :)
Practically, if I ever have a md5 or uuid collision I am buying a lottery ticket!
1
