使用默认的mt19937 RNG生成的增强UUID是否对会话ID安全？

Question

I need to generate UUIDs for use as non-predictable / guessable session IDs.

This can easily be accomplished using boost's UUID library :

boost::uuids::uuid newUUID()
{
  static boost::uuids::random_generator gen;
  return gen();
}

The returned UUID can easily be converted to a string.

The above code is equivalent to:

boost::uuids::uuid newUUID()
{
  static boost::uuids::basic_random_generator<boost::mt19937> gen;
  return gen();
}

So we are using the Mersenne Twister 19937 pseudo random number generator. It looks like boost takes the task of seeding it properly serious.

However, I wonder if something important – security wise – is gained by using a non-deterministic RNG like boost::random_device instead, and also how it will impact the speed of UUID generation.

boost::uuids::uuid newUUID()
{
  static boost::uuids::basic_random_generator<boost::random_device> gen;
  return gen();
}

Advice from people with security insight is appreciated.

Answer 1

MT is not a cryptographically secure RNG.

boost::random_device is guaranteed (by docs) to only exist if cruptographically secure and non-deterministic. Note that this is not true of std::random_device .

For any serious application, you cannot trust a mere documented guarantee. But for a small scale unimportant one it should do.

Writing your own cryptographically secure code or system is usually a bad idea. Describe how bad it is that someone defeat your system, as that really matters to how much effort you need to put into it.