UUID.randomUUID() 与 SecureRandom
[英]UUID.randomUUID() vs SecureRandom
问题描述
我试图了解使用 UUID.randomUUID() 而不是 SecureRandom 生成器的优势,因为前者在内部使用 securerandom。
4 个解决方案
解决方案1
36 2016-09-30 08:35:00
Well, the source code shows UUID.randomUUID uses SecureRandom .
好吧, 源代码显示UUID.randomUUID使用SecureRandom 。
public static UUID [More ...] randomUUID() {
SecureRandom ng = numberGenerator;
if (ng == null) {
numberGenerator = ng = new SecureRandom();
}
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
randomBytes[6] |= 0x40; /* set to version 4 */
randomBytes[8] &= 0x3f; /* clear variant */
randomBytes[8] |= 0x80; /* set to IETF variant */
return new UUID(randomBytes);
}
As you can see, you can use either, but in a secure UUID you have 6 non-random bits, which can be considered a disadvantage if you are picky.如您所见,您可以使用任何一种,但在安全的 UUID 中,您有 6 个非随机位,如果您很挑剔,这可以被认为是一个缺点。
解决方案2
11 2016-09-30 09:14:05
Random numbers have a random chance of being repeated.随机数有随机重复的机会。 The lower the randomness (unless there is some co-ordination), the greater the chance of producing the same number twice.随机性越低(除非有一些协调),产生相同数字两次的机会就越大。
https://en.wikipedia.org/wiki/Birthday_problem https://en.wikipedia.org/wiki/Birthday_problem
As you produce more random numbers the chance of the same number being repeated increases as every id must be different to every other id.随着您产生更多随机数,重复相同数字的机会增加,因为每个 id 必须与其他每个 id 不同。
SecureRandom allows you to choose how many bit of randomness you want. SecureRandom 允许您选择您想要的随机数。 Make it too small and there is a good chance they will be repeated.让它太小,它们很可能会重复。 You can get duplicate random 32-bit id in a fraction of a second.您可以在几分之一秒内获得重复的随机 32 位 ID。
UUID sets the standard at 128 bits (or as uoyilmaz points out, 122 bits are random) This is enough for most use cases. UUID 将标准设置为 128 位(或者正如 uoyilmaz 指出的那样,122 位是随机的)这对于大多数用例来说已经足够了。 However if you want a random String, I would be tempted to use more bits and/or a higher base than 16. Java for example support base 36 and 64 which means you can have shorter ids, or more randomness for the same length ID.但是,如果您想要一个随机字符串,我会倾向于使用更多位和/或比 16 更高的基数。例如,Java 支持基数 36 和 64,这意味着您可以拥有更短的 ID,或者相同长度 ID 的更多随机性。
Note: UUID format has multiple - in it's dump though I don't see the value of them, they just make the string longer.注意:UUID 格式有多个-在它的转储中虽然我没有看到它们的值,但它们只是使字符串更长。
解决方案3
1 2020-02-14 09:03:13
Thanks for all the provided technical answers.感谢您提供的所有技术答案。 I, myself, was also baffled by the difference between the two which led me here.我自己也对导致我来到这里的两者之间的差异感到困惑。 But then, a thought dawned on me: If you only call the function once, then there is no difference as both method generates a number that could not be pre-calculated.但是,我突然想到:如果你只调用一次函数,那么没有区别,因为这两种方法都会生成一个无法预先计算的数字。 But if call the function several times, then they differ here because a statistical normal distribution is a property of a random number generator whereas this is not a property of a UUID.但是,如果多次调用该函数,则它们在这里有所不同,因为统计正态分布是随机数生成器的属性,而这不是 UUID 的属性。 UUID strives for uniqueness and in fact it derives the provided number using your computer's MAC hardware address, the current epoch seconds etc. And eventually, if you for-loop call the UUID values it will not be statistically normally distributed. UUID 力求唯一性,实际上它使用您计算机的 MAC 硬件地址、当前纪元秒等得出所提供的数字。最终,如果您循环调用 UUID 值,它将不会在统计上呈正态分布。
解决方案4
-3 2016-09-30 08:28:46
The UUID is not a random number: it is a universal unique ID. UUID 不是随机数:它是通用唯一 ID。 You can be sure that no one can generate the same hexadecimal string.您可以确定没有人可以生成相同的十六进制字符串。
A random number is another story: it is not an hexadecimal string and it is not universally unique.随机数是另一回事:它不是十六进制字符串,也不是普遍唯一的。
A more efficient and completed generator of UUIDs is provided by this library .这个库提供了一个更高效、更完整的 UUID 生成器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.