On Friday 29 January 2010 11.21:00 Joe Kramer wrote:
> We have bunch of servers running the app and rebuilding postgres with
> support for ossp_uuid on all servers is time consuming.
> Is there a way of doing it without third party dependency like
> ossp_uuid? Should I just run md5(random number), will itbe the same ?
If you're building your own: at least use sha1 instead of md5.
(Even md5 *should* be safe in the absence of malicious attacks, but md5 is
generally not recommended anymore.)
Everything depends on the quality of your random numbers. I don't know how
much randomness pg's random() delivers, and as I've said I haven't looked
what the uuid module does.
(To give you an example: if random() only delivers a random 32 bit float
value, the 160 bits of SHA-1 will not be used. You'll only use 4 billion
different values and you *will* soon get collisions.)
If I were to roll my own, I'd just use 256 bit of /dev/random (or, depending
on the application, possibly /dev/urandom and take the risk that my values
aren't that random.) Since it's random anyway, there's no need to use a
hash. (Not sure: can a SQL function read arbitrary binary files or will a C
module be necessary?)
Speed: just did a quick test on one machine. reading 1kB from /dev/random
takes about 1s. (constant 5MB/s disk activity with lots of seeking going
on, no hw random device.) So you'd get ca. 32 id values per second. Don't
know if that's a lot or not for your application.
Magnus: can you elaborate on uuid not being secure? AFAICT v4 uuid are
supposed to be essentially a random number formatted in a certain way.
cheers
-- vbi
--
featured product: GNU Privacy Guard - http://gnupg.org