On Thu, Oct 31, 2013 at 09:54:14PM +0900, MauMau wrote:
> From: "Robert Haas" <robertmhaas@gmail.com>
>> ISTM that the biggest problem is that we don't have a random number
>> generator which generates enough bits of randomness to implement
>> uuid_generate_v3. I think relatively few people would cry if we
>> didn't support uuid_generate_v1(), and the others all look simple
>> enough, provided there's somewhere to get lots of random bits.
>>
>> On Linux, it seems like we could get those bits from /dev/urandom,
>> though I'm not sure how efficient that would be for the case where
>> many UUIDs are being generated at once. But that wouldn't be very
>> portable. It's tempting to think that we'd need a PRNG that generates
>> wider values, for which we might find other application also. But I'm
>> not volunteering to be the one to create such a thing.
>
> OpenSSL provides rand_bytes() which generates random bytes of any length.
> It uses /dev/urandom or /dev/random on UNIX/Linux and Crypto API of
> Microsoft on Windows.
What about using a cipher here as the PRNG? It seems like using openssl
rand_bytes() to seed aes in ctr would work ok without starving the system of
entropy when making a lot of uuids.
Garick