Adding a uuid v4 implementation with crypto:rand_bytes/1

The default version uses random:uniform/1, which is based on a broken implementation of the whitchman-hill PRNG. It has bad divergence, which makes the UUID somewhat easy to guess. On the other hand, crypto module's PRNG is crypto-safe and shouldn't be as easy to guess, making a potential safe use of the UUID for sessions or other values.
okeuday · Apr 8, 2011 · 6426e2c · 6426e2c
1 parent 3f8b8d7
commit 6426e2c
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/uuid.erl b/src/uuid.erl
@@ -65,6 +65,7 @@
          get_v1_time/1,
          get_v3/1,
          get_v4/0,
+         get_v4_safe/0,
          get_v5/1,
          uuid_to_string/1,
          increment/1]).
@@ -167,6 +168,12 @@ get_v4() ->
       0:1, 1:1,            % reserved bits
       Rand3Part2:24, Rand4:32>>.
 
+get_v4_safe() ->
+    % Version = <<4:4/big>>,  bits 12-15 of time_hi_and_v (60-63)
+    % Variant = <<2:2/big>>,  6-7 of clock_seq_hi (70-71)
+    <<Start:60, _Version:4, Mid:6, _Variant:2, End:56>> = crypto:rand_bytes(16),
+    <<Start:60, 4:4, Mid:6, 2:2, End:56>>.
+
 get_v5([I | _] = Name)
     when is_integer(I) ->
     <<B1:60, B2:6, B3a:56, B3b:38>> = crypto:sha(Name),