From the Qt5 reference on QUuid:
QUuid QUuid::createUuid() [static]
On any platform other than Windows, this function returns a new UUID with variant QUuid::DCE and version QUuid::Random. If the /dev/urandom device exists, then the numbers used to construct the UUID will be of cryptographic quality, which will make the UUID unique. Otherwise, the numbers of the UUID will be obtained from the local pseudo-random number generator (qrand(), which is seeded by qsrand()) which is usually not of cryptograhic quality, which means that the UUID can't be guaranteed to be unique.
When on a platform with /dev/urandom, how can I tell if /dev/urandom in fact is available and will be used by this function when it runs?
I suspect it was not in my case, based on this little code that I ran mostly for curiosity's sake:
while(true){
QUuid u=QUuid::createUuid();
QString str=u.toString();
if(str.contains("2222")){
qDebug()<<"UUID:"<<str;
return;
}
}
This produced the following output when I ran it repeatedly:
1 UUID: "{8b42222b-bac3-4c93-b55d-0255a33115a2}"
2 UUID: "{5122227e-473e-4885-8285-8780cc51f71a}"
3 UUID: "{bfeed28f-f8da-4a69-9303-77388752222e}"
4 UUID: "{0000beee-690c-4875-9589-9e222222cedc}"
5 UUID: "{e5a2646d-1c81-4974-94ad-8b222265b67a}"
6 UUID: "{bb77d756-6726-4e9f-94d8-3d4892222a2f}"
Notice the rather bizarre looking output on line #4, and the other apparent symmetries in the 3rd and 4th columns (except for the 4 in the start of column 3 which was to be expected).
Thanks!
Your output on line 4 is almost certainly just random chance. 6 UUIDs is not a large enough sample to provide any indication of randomness, if you really wanted to know for sure you would need to test a massive number of UUIDs (more than is realistically feasible).
Concerning column 3 and 4, as you've noted the leading "4" in the 3rd column is expected because it indicates the UUID version. The leading value in the 4th column (b 55d, 8 285, 9 303, ...) though is also expected, this value will always be 8, 9, a, or b. Outside of these values, I don't see any particular symmetries in the 3rd and 4th columns.
For checking if /dev/urandom
or qrand()
was used, the QUuid class does not make this information available, but if you really wanted to know you could always do what the QUuid class does and try to open and read data from /dev/urandom
. I would argue that this is probably overkill though. While I certainly would not rely on qrand()
in any situation where quality random numbers are needed for security, it's implementation (given how it's being seeded, ~line 959) is probably good enough for generating UUIDs.
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句