er.extensions.foundation.ERXRandomGUID
|
Project Wonder 5.0 | |||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||||
java.lang.Object
public class ERXRandomGUID
In the multitude of java GUID generators, I found none that guaranteed randomness. GUIDs are guaranteed to be globally unique by using ethernet MACs, IP addresses, time elements, and sequential numbers. GUIDs are not expected to be random and most often are easy/possible to guess given a sample from a given generator. SQL Server, for example generates GUID that are unique but sequencial within a given instance.
GUIDs can be used as security devices to hide things such as files within a filesystem where listings are unavailable (e.g. files that are served up from a Web server with indexing turned off). This may be desireable in cases where standard authentication is not appropriate. In this scenario, the RandomGUIDs are used as directories. Another example is the use of GUIDs for primary keys in a database where you want to ensure that the keys are secret. Random GUIDs can then be used in a URL to prevent hackers (or users) from accessing records by guessing or simply by incrementing sequential numbers.
There are many other possiblities of using GUIDs in the realm of security and encryption where the element of randomness is important. This class was written for these purposes but can also be used as a general purpose GUID generator as well.
RandomGUID generates truly random GUIDs by using the system's IP
address (name/IP), system time in milliseconds (as an integer), and a very
large random number joined together in a single String that is passed through
an MD5 hash. The IP address and system time make the MD5 seed globally unique
and the random number guarantees that the generated GUIDs will have no
discernable pattern and cannot be guessed given any number of previously
generated GUIDs. It is generally not possible to access the seed information
(IP, time, random number) from the resulting GUIDs as the MD5 hash algorithm
provides one way encryption.
RandomGUID
RandomGUID can be called one of two ways -- with the basic java
Random number generator or a cryptographically strong random
generator (SecureRandom). The choice is offered because the secure
random generator takes about 3.5 times longer to generate its random numbers
and this performance hit may not be worth the added security especially
considering the basic generator is seeded with a cryptographically strong
random seed.
Seeding the basic generator in this way effectively decouples the random numbers from the time component making it virtually impossible to predict the random number component even if one had absolute knowledge of the System time. Thanks to Ashutosh Narhari for the suggestion of using the static method to prime the basic random generator.
Using the secure random option, this class compies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, secition 4.9.1.
I converted all the pieces of the seed to a String before handing it
over to the MD5 hash so that you could print it out to make sure it contains
the data you expect to see and to give a nice warm fuzzy. If you need better
performance, you may want to stick to byte[] arrays.
I believe that it is important that the algorithm for generating random GUIDs be open for inspection and modification. This class is free for all uses.
| 11/05/02 | Performance enhancement from Mike Dubman. Moved InetAddr.getLocal
to static block. Mike has measured a 10 fold improvement in run time. |
| 01/29/02 | Bug fix: Improper seeding of nonsecure Random object caused duplicate GUIDs to be produced. Random object is now only created once per JVM. |
| 01/19/02 | Modified random seeding and added new constructor to allow secure random feature. |
| 01/14/02 | Added random function seeding with JVM run time |
From www.JavaExchange.com, Open Software licensing
| Field Summary | |
|---|---|
java.lang.String |
valueAfterMD5
|
java.lang.String |
valueBeforeMD5
|
| Constructor Summary | |
|---|---|
ERXRandomGUID()
Default constructor. |
|
ERXRandomGUID(boolean secure)
Constructor with security option. |
|
| Method Summary | |
|---|---|
static void |
main(java.lang.String[] args)
Demonstration and self test of class. |
static java.lang.String |
newGid()
Returns the String representation of a new ERXRandomGUID
object. |
java.lang.String |
toString()
Convert to the standard format for GUID (Useful for SQL Server UniqueIdentifiers, etc.) Example: C2FEEEAC-CFCD-11D1-8B05-00600806D9B6 |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
| Field Detail |
|---|
public java.lang.String valueBeforeMD5
public java.lang.String valueAfterMD5
| Constructor Detail |
|---|
public ERXRandomGUID()
public ERXRandomGUID(boolean secure)
secure true
enables each random number generated to be cryptographically strong.
secure false defaults to the standard Random
function seeded with a single cryptographically strong random number.
secure - true use a random number from SecureRandom, or
false use a random number from Random| Method Detail |
|---|
public java.lang.String toString()
toString in class java.lang.ObjectString representation of this objectpublic static void main(java.lang.String[] args)
args - No argumentspublic static java.lang.String newGid()
String representation of a new ERXRandomGUID
object.
String representation of a new ERXRandomGUID
object
|
Last updated: Tue, Feb 21, 2017 • 05:45 PM CET | |||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||||