Is the ActiveSupport::SecureRandom secure in the way that it is 'impossible' to figure out random numbers or is it secure in the way that it will return UUIDs?
views: 47
answers: 1
+2
A:
The security of the random number (and its application) comes from how sufficiently random it is for cryptographic purposes. Apparently the Rails implementation is based on a variation of the Mersenne Twister pseudo-random-number generator which is currently considered sufficient from that perspective. If a vulnerability were uncovered in the future then that would certainly change. The quality of the randomness, as with any such algorithmic implementation, relies to a great extent on the entropy that the system can provide, such as through interfaces like /dev/urandom on Linux.
You could use ActiveRecord::SecureRandom as part of an implementation for creating UUID (version 4) but they are not directly related.
bjg
2010-07-08 11:44:04
Good enough. thank you!
Flexo
2010-07-08 11:52:07
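The UUID (version 4) construction mentioned in the answer, as an added example that is not part of the original thread. It assumes Ruby's standard-library `SecureRandom` (`require 'securerandom'`) as the byte source; the helper names `uuid_v4_from_bytes`, `secure_uuid_v4` and `uuid_v4?` are hypothetical.

```ruby
require 'securerandom'

# Hypothetical helper: turn 16 bytes into an RFC 4122 version 4 UUID string.
# Only the version and variant fields are fixed; the other 122 bits are
# whatever the byte source produced, so the UUID is only as unpredictable
# as that source.
def uuid_v4_from_bytes(bytes)
  raise ArgumentError, 'need exactly 16 bytes' unless bytes.bytesize == 16

  b = bytes.bytes
  b[6] = (b[6] & 0x0f) | 0x40 # high nibble of byte 6: version = 4
  b[8] = (b[8] & 0x3f) | 0x80 # top two bits of byte 8: variant = 10
  hex = b.map { |x| format('%02x', x) }.join
  [hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12]].join('-')
end

# Draw the 16 bytes from the secure generator, then apply the v4 layout.
def secure_uuid_v4
  uuid_v4_from_bytes(SecureRandom.random_bytes(16))
end

# Structural check only: confirms the v4 layout, says nothing about how
# the random bits were generated.
UUID_V4_RE = /\A\h{8}-\h{4}-4\h{3}-[89ab]\h{3}-\h{12}\z/

def uuid_v4?(str)
  UUID_V4_RE.match?(str)
end

if __FILE__ == $PROGRAM_NAME
  puts secure_uuid_v4    # built by hand from SecureRandom bytes
  puts SecureRandom.uuid # the standard library's own v4 generator
end
```

A string can pass `uuid_v4?` and still be predictable if its bytes came from a non-cryptographic generator, which is why the two concepts in the question are separate.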