As you have noticed, v1 GUIDs are particularly guessable. Their uniqueness depends entirely on a MAC address and a timestamp with 100ns increments. If you can narrow down the time where a session was generated to, say, 1/10th of a second, there are only 1,000,000 possible values. The only other protection you have is the clock-sequence field, which is not intended to be unguessable, so it is likely to remain the same between reboots of a computer. V4, on the other hand, is almost completely defined by a 122-bit random number. These are highly unguessable, as long as you can trust the underlying random number generator. However, remember that you're reliant on a side-effect of the process here. There are no guarantees of the random number's quality, because that isn't required to generate unique values; it's only required for unguessability. As such, if you depend on the randomness of your session IDs as a security feature, you should generate them yourself, using a cryptographic generator you trust.

The trick is that you shouldn't trust the built-in GUID generators to deliver guarantees that are not explicitly part of the purpose of GUID generation. There's nothing wrong with using the GUID format for these numbers. They'll still have more than enough entropy to deal with mere session keys.

The problem with determining the security of a v4 UUID (we know v1 UUIDs are not in any way secure) is that you have to know and understand the underlying mechanism for generating them in your specific application, since this could be different for every implementation, and could very definitely have a security impact. You would need to investigate how your particular generator works.

The key is that you're looking not only for randomness, but also for unpredictability. We know that a version 4 UUID has 122 bits of randomness. This is very good, and if the source of the randomness is a CSPRNG, then we can be confident that yes, it is quite reasonably safe to use as a session identifier.
You've stated you're interested in considering both collisions generated by "proper" means and attacks which involve maliciously generating GUIDs improperly. The answers to these two situations are extraordinarily different.

If all GUIDs that enter your system are generated by proper means (i.e. generated according to RFC 4122), then you can expect them all to be unique. GUIDs/UUIDs were designed from the start to provide this specific guarantee. A GUID/UUID generated anywhere will be unique from all other GUIDs/UUIDs without requiring any centralized authority. There are Oracle servers which generate millions of UUIDs per second in giant distributed databases without collisions.

If you are worried about malicious users improperly crafting GUIDs/UUIDs, you do have some concern. GUIDs generated by calling other people's GUID generation functions are still not suitable for use as unguessable auth tokens though, because that's not the purpose of the GUID generation function; you're merely exploiting a side effect. GUIDs/UUIDs were never designed to be unguessable. If the method you use to generate those GUIDs/UUIDs provides unguessability, that is a side effect of the process.
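As an added illustration (not code from the answers above), the following Python puts their reasoning into a check a defender can run on an incoming session identifier: it estimates what is left to guess for a v1 UUID once the MAC and the rough generation time are known, shows that a v4-formatted value filled from a weak PRNG passes the same format check (so the 122-bit figure depends on the generator, not the format), and generates a token straight from the OS CSPRNG as recommended. The 0.1 s window is the one quoted above, and the v1 sample is the example UUID from RFC 4122.

```python
import math
import random
import secrets
import uuid

V4_RANDOM_BITS = 128 - 6          # 4 version bits + 2 variant bits are fixed
V1_TICKS_PER_SECOND = 10_000_000  # v1 timestamp has 100 ns resolution
V1_CLOCK_SEQ_BITS = 14
RFC_4122_V1_EXAMPLE = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6"  # sample from RFC 4122


def v1_timestamp_candidates(window_seconds: float) -> int:
    """Distinct v1 timestamps inside the window an attacker has narrowed the
    generation time to; 0.1 s gives the 1,000,000 quoted above."""
    return round(window_seconds * V1_TICKS_PER_SECOND)


def assess_session_id(token: str, known_window_seconds: float = 0.1) -> dict:
    """Parse a candidate session identifier and report what is left to guess.
    The v4 figure is an upper bound: it holds only if the generator drew its
    122 bits from a CSPRNG, which the value itself cannot tell you."""
    try:
        u = uuid.UUID(token)
    except ValueError:
        return {"version": None, "unpredictable_bits": None, "verdict": "not a UUID"}
    if u.variant != uuid.RFC_4122:
        return {"version": None, "unpredictable_bits": None, "verdict": "non-RFC 4122 variant"}
    if u.version == 4:
        return {"version": 4, "unpredictable_bits": V4_RANDOM_BITS,
                "verdict": "acceptable only if the generator is a CSPRNG"}
    if u.version == 1:
        # The node field is the MAC address; with it and the rough generation time
        # known, only the remaining ticks and the 14-bit clock sequence are left.
        time_bits = math.ceil(math.log2(v1_timestamp_candidates(known_window_seconds)))
        return {"version": 1, "unpredictable_bits": time_bits + V1_CLOCK_SEQ_BITS,
                "node": f"{u.node:012x}", "verdict": "guessable: MAC + timestamp"}
    return {"version": u.version, "unpredictable_bits": 0,
            "verdict": "not a random-number UUID; do not rely on unpredictability"}


def v4_from_weak_prng(seed: int) -> str:
    """Constructed for illustration: a v4-formatted UUID filled from Python's
    non-cryptographic PRNG. It passes the check above yet is reproducible from the seed."""
    rng = random.Random(seed)
    return str(uuid.UUID(int=rng.getrandbits(128), version=4))


def new_session_id(nbytes: int = 16) -> str:
    """What the answers recommend instead: draw the identifier straight from the OS
    CSPRNG. (CPython's uuid.uuid4() also uses os.urandom; the guarantee is the generator's.)"""
    return secrets.token_urlsafe(nbytes)
```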