Comments (4)
The generation of the UUID uses crypto/rand, but can be changed. I would trust the randomness of the UUID but if you want secrecy the package does not attempt to take extraordinary efforts to keep the UUIDs secret in its own memory space, there may be copies left on the heap or in freed memory. If 122 bits of randomness is sufficient then this is as good as reading it directly from crypto/rand (since that is basically what the v4 UUIDs are.). Otherwise, just use crypto/rand.Read directly.
from uuid.
The generation of the UUID uses crypto/rand, but can be changed. I would trust the randomness of the UUID but if you want secrecy the package does not attempt to take extraordinary efforts to keep the UUIDs secret in its own memory space, there may be copies left on the heap or in freed memory. If 122 bits of randomness is sufficient then this is as good as reading it directly from crypto/rand (since that is basically what the v4 UUIDs are.). Otherwise, just use crypto/rand.Read directly.
Okay, so just to clarify, can I use UUIDs as this app's authorization tokens? Thank you a lot.
from uuid.
I can't really answer that, it depends on your application. If you were guarding nuclear launch codes I would definitely say No! but for more mundane applications, if 122 bits is sufficient then I think it is as good as reading directly from crypt/rand.Read. Just realize there are 6 bits out of the 128 which are fixed to known values which is why you only get 122 bits of randomness. I guess it also depends on your encryption algorithm. There simply is no generic answer to the question.
from uuid.
I can't really answer that, it depends on your application. If you were guarding nuclear launch codes I would definitely say No! but for more mundane applications, if 122 bits is sufficient then I think it is as good as reading directly from crypt/rand.Read. Just realize there are 6 bits out of the 128 which are fixed to known values which is why you only get 122 bits of randomness. I guess it also depends on your encryption algorithm. There simply is no generic answer to the question.
Ok, great, thanks!
from uuid.
Related Issues (20)
- Equals method HOT 1
- Reference implementaiton for UUID v8 HOT 2
- Is there a method to generate empty UUID v4? HOT 2
- UUID with repeat ending HOT 2
- NullUUID Scan method returns valid true on empty string HOT 2
- [Documentation] uuid.Nil is not documented properly
- `IsZero()` and `ToNullUUID` Helper Functions HOT 1
- panic: uuid: Parse(): invalid UUID length: 0 HOT 1
- Should uuid.Nil marshal to null instead of all zeroes HOT 3
- Make uuid.Nil and other values as a constant HOT 1
- Cannot get the package, connection refused
- uuid.Parse allows invalid UUID's HOT 2
- recommended to add uuid v6 and v7 support HOT 1
- Validate UUID without creating UUID (and underlying byte array)
- Limit permissions for github workflows
- uuid.Parse Function Does Not Handle Leading/Trailing Spaces in UUIDs
- Monotonicity in UUIDv7 HOT 2
- proposal: add func uuid.Compare(a, b UUID) int
- [HELP] Is there any ways to improve the performance in multi-goroutine env ?
- not able to install uuid package HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uuid.