
I need to generate UUIDs for use as non-predictable / guessable session IDs.

This can easily be accomplished using boost's UUID library:

#include <boost/uuid/uuid.hpp>
#include <boost/uuid/random_generator.hpp>

boost::uuids::uuid newUUID()
{
  // one generator for the lifetime of the program; seeded once on first use
  static boost::uuids::random_generator gen;
  return gen();
}

The returned UUID can easily be converted to a string.

The above code is equivalent to:

#include <boost/uuid/uuid.hpp>
#include <boost/uuid/random_generator.hpp>
#include <boost/random/mersenne_twister.hpp>

boost::uuids::uuid newUUID()
{
  // explicitly name the engine the default generator uses
  static boost::uuids::basic_random_generator<boost::mt19937> gen;
  return gen();
}

So we are using the Mersenne Twister 19937 pseudo random number generator. It looks like boost takes the task of seeding it properly seriously.

However, I wonder if something important – security wise – is gained by using a non-deterministic RNG like boost::random_device instead, and also how it will impact the speed of UUID generation.

#include <boost/uuid/uuid.hpp>
#include <boost/uuid/random_generator.hpp>
#include <boost/random/random_device.hpp>

boost::uuids::uuid newUUID()
{
  // non-deterministic engine backed by the OS entropy source
  static boost::uuids::basic_random_generator<boost::random_device> gen;
  return gen();
}

Advice from people with security insight is appreciated.

mgd
  • What do you mean by secure? AFAIK it is not cryptographically secure. – NathanOliver Sep 16 '16 at 13:11
  • MT is really fast and pretty high quality, but it is not a crypto RNG. Speed will not be an issue though, MT can generate GBs of random data per second on normal systems. – Baum mit Augen Sep 16 '16 at 13:16
  • @NathanOliver That is really the question: is it necessary to use a crypto RNG for generating UUIDs if these are going to be used for session IDs that should not be predictable / guessable or is MT secure enough for this purpose. – mgd Sep 16 '16 at 13:50
  • Which OS are you using? Many common ones provide a means of generating UUIDs which they do with the added bonus of practically guaranteeing non-duplication. – Bathsheba Sep 16 '16 at 14:00
  • @Bathsheba Many different (Linux, AIX, Windows, Mac OS X). But the issue is not uniqueness but predictability. See Yakk's answer and comments below. – mgd Sep 16 '16 at 14:05

1 Answer


MT is not a cryptographically secure RNG.

boost::random_device is guaranteed (by docs) to only exist if cryptographically secure and non-deterministic. Note that this is not true of std::random_device.

For any serious application, you cannot trust a mere documented guarantee. But for a small scale unimportant one it should do.

Writing your own cryptographically secure code or system is usually a bad idea. Describe how bad it is if someone defeats your system, as that really matters to how much effort you need to put into it.

Yakk - Adam Nevraumont
  • Ok, so for generating UUIDs that just needs to be unique, MT is perfect and fast, but for UUIDs that should be non-predictable / guessable like a session ID, is a crypto RNG needed? We are not talking about generating a crypto key but about a session ID that should not be guessable. – mgd Sep 16 '16 at 13:44
  • You could use the string-generator and feed it data from `std::random_device` or `/dev/urandom` – sehe Sep 16 '16 at 13:55
  • @mgd Non-crypto secure means that someone with modest information can reverse the function. Like, find the next/previous one after a given one, or find a pattern after a modest selection of values. I did not address if MT would generate sufficiently unique values to have a low chance of repeats of your UUIDs. I would assume so, but I am not going to assert it without double checking. Note that the above presumes that the UUID generator from RNG isn't completely stupid: a stupid UUID generator can make the quality of the RNG irrelevant. – Yakk - Adam Nevraumont Sep 16 '16 at 13:56
  • Thanks for answering. So, non-crypto secure means that someone with access to one session ID can guess another one which is not acceptable. (I understand the difference between generating unique IDs and generating non-predictable unique IDs.) – mgd Sep 16 '16 at 14:03
  • @mgd **no** , it means it is not suitable for situations where security matters in any way, shape or form. To a first approximation, you should assume the counter party can predict everything it does (its output in every situation). If that is a problem, don't use it. There may be finer grained facts that are less extreme, but **I will not give you any such guarantee**, nor should I, even if I thought I knew the answer. If you care *at all* about security, don't assume *anything* of non-crypto secure components. I gave an example of a hole, **I did not guarantee that is the only hole**. – Yakk - Adam Nevraumont Sep 16 '16 at 14:13
  • I agree. Instead of saying “non-crypto secure means…” I should have said “non-crypto secure among other things implies no guarantees wrt predictability”. Thanks for taking the time to help. – mgd Sep 16 '16 at 14:32
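The following is an added example, not code from the question or the answer. It shows what a UUID generator built on a random engine actually does (draw 16 bytes, then stamp the RFC 4122 version and variant bits), so that the choice of entropy source is the only thing that changes between "unique" and "unguessable". It uses only the C++ standard library, so `std::random_device` stands in for `boost::random_device` here (with the answer's caveat that the standard does not require `std::random_device` to be non-deterministic); the function names `make_uuid_v4`, `new_session_id` and `mt_is_reproducible` are this example's own, not Boost's. The last function demonstrates the answer's point about determinism: an mt19937 seeded with the same value produces exactly the same IDs.

```cpp
// Added example: UUID v4 from a caller-supplied engine, std only (no Boost).
#include <array>
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>

using Uuid = std::array<std::uint8_t, 16>;

// Fill 16 bytes from any engine that models UniformRandomBitGenerator,
// then set the version nibble (4) and the RFC 4122 variant bits (10xx).
template <class Engine>
Uuid make_uuid_v4(Engine& eng) {
    std::uniform_int_distribution<unsigned> byte(0, 255);
    Uuid u{};
    for (auto& b : u) b = static_cast<std::uint8_t>(byte(eng));
    u[6] = static_cast<std::uint8_t>((u[6] & 0x0F) | 0x40);  // version 4
    u[8] = static_cast<std::uint8_t>((u[8] & 0x3F) | 0x80);  // variant 10xx
    return u;
}

// Canonical 8-4-4-4-12 lowercase hex form (36 characters).
std::string to_string(const Uuid& u) {
    static const char* hex = "0123456789abcdef";
    std::string s;
    s.reserve(36);
    for (std::size_t i = 0; i < u.size(); ++i) {
        if (i == 4 || i == 6 || i == 8 || i == 10) s += '-';
        s += hex[u[i] >> 4];
        s += hex[u[i] & 0x0F];
    }
    return s;
}

// Structural check a receiver could apply: length, hyphens, version, variant.
bool looks_like_uuid_v4(const std::string& s) {
    if (s.size() != 36) return false;
    if (s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-') return false;
    if (s[14] != '4') return false;
    const char v = s[19];
    return v == '8' || v == '9' || v == 'a' || v == 'b';
}

// Session ID: draw from the non-deterministic device, not from a seeded PRNG.
// Assumption: this platform's std::random_device is backed by OS entropy.
std::string new_session_id() {
    static std::random_device rd;
    return to_string(make_uuid_v4(rd));
}

// A seeded mt19937 is a pure function of its seed: two engines with the same
// seed emit identical UUIDs, which is why it is unsuitable for session IDs.
bool mt_is_reproducible(std::uint32_t seed) {
    std::mt19937 a(seed), b(seed);
    return to_string(make_uuid_v4(a)) == to_string(make_uuid_v4(b));
}

int main() {
    std::printf("session id: %s\n", new_session_id().c_str());
    std::printf("mt19937 reproducible with a fixed seed: %s\n",
                mt_is_reproducible(42) ? "yes" : "no");
}
```

With Boost the same structure is what `basic_random_generator<boost::random_device>` from the question gives you; the cost of the device-backed version is one read of 16 bytes from the OS per ID, which is negligible next to the network round trip a session ID accompanies.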