Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m using boost uuid to generate session ids.
std::string SessionGenerator::generate()
{
boost::uuids::uuid id = m_rgen();
m_ss.clear();
m_ss.str("");
m_ss << id;
return m_ss.str();
}
Is it safe to assume that I’m never going to get a duplicate or should I be doing checks against active sessions?
Thanks
Well, it depends.
It means that the problem may be on the generator you’re using. They say they’re using ITU-T specification.
Let’s go to page 7 of the document. If you’re using time and you can assume that:
Then you can at least assert that:
“The UUID will be different from all other generated UUIDs” because time flows and the granularity is 100 ns.
There could be a collision if you need to share generated UUID with other machines or the time will change (do not forget that twice per year in many country there is time adjustment). That’s why there is a Clock sequence field. Moreover it’s pretty small so in this case you fall to assert that:
“The UUID is extremely likely to be unique.”
If you’re using, instead of this, a random number generator then you can assert only that:
“The UUID is extremely likely to be unique.” because the requirement of a random number generator is not to generate unique numbers (but with a good random number generator your extremely likely will be EXTREMELY likely).
So in normal conditions (for example if you do not move one network card from one computer to the other and you change the time back to the past) I suppose that you can assume they’re unique (using time). If you’re using a random number generator you can’t assume they’re unique but just extremely likely to be unique (about probability of collisions…well…if it happens with a good random number generator you should stay at home for the next meteor shower).
References
http://blogs.msdn.com/b/oldnewthing/archive/2008/06/27/8659071.aspx
http://en.wikipedia.org/wiki/Birthday_attack