Redialing UUIDs from Java UUID.randomUUID()

We noticed that a set of almost 200,000 UUIDs was outplayed for two months, and I wonder if anyone saw this.

UUIDs are generated using UUID.randomUUID(). In this case (looking at the Java source), randomUUID() uses SecureRandom() under the hood, which in turn uses NativePRNG. I understand that NativePRNG uses /dev/urandom to get its seed. Undoubtedly, it is implied that somehow /dev/urandom returned the same seed to NativePRNG for two months. From what I can tell, a once-created instance of PRNG does not re-seed. This is a long-running job that listens for messages and uses the UUID as an identifier for it. The pseudocode is simple:

    // <receive message>
    String uuid = UUID.randomUUID().toString();
    String fname = h.composeArtifact(uuid);

OS - CentOS 6, on an AWS EC2 instance running under JDK 1.6. Is this something that anyone has seen / experienced in the past? It seems that "will never happen" ...

+4
1 answer

From the source, JDK 1.6 does indeed apply UUID.randomUUID() to the instance java.util.SecureRandom. If you received a repeated UUID sequence, then either you were very lucky (or very unfortunate, depending on the point of view), or someone played with VM snapshots, or there is something suspicious in your Java configuration.

VM , . SecureRandom, , , SecureRandom, , SecureRandom reseeds /dev/urandom (/dev/urandom "" , SecureRandom ).

Java SecureRandom, SecureRandom PRNG, SecureRandomSpi, . Sun JDK , (/dev/urandom Linux). ; java.security.egd, securerandom.source java.security. , - (, , ). . . , , , strace, , - /dev/random /dev/urandom.

Java , VM, , UUID, , Powerball ( ).

+13
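
An added example, not part of the original question or answer: a small diagnostic that reports which SecureRandom implementation and seed source the JVM is configured with, and shows why a cloned PRNG state (the VM snapshot case) replays the same UUIDs. The class and method names are hypothetical, the seed bytes are constructed, and it assumes a JDK whose provider offers SHA1PRNG, which draws no other entropy when seeded explicitly before first use.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

public class UuidSeedCheck {

    // Build a version-4 UUID from 16 bytes of PRNG output, setting the
    // version and variant bits that RFC 4122 requires for a random UUID.
    static UUID uuidFrom(SecureRandom rng) {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        b[6] = (byte) ((b[6] & 0x0f) | 0x40); // version 4
        b[8] = (byte) ((b[8] & 0x3f) | 0x80); // IETF variant
        long msb = 0, lsb = 0;
        for (int i = 0; i < 8; i++)  msb = (msb << 8) | (b[i] & 0xff);
        for (int i = 8; i < 16; i++) lsb = (lsb << 8) | (b[i] & 0xff);
        return new UUID(msb, lsb);
    }

    // Stand-in for a process restored from a snapshot: the PRNG resumes from
    // a fixed internal state instead of fresh entropy (assumption: SHA1PRNG).
    static List<UUID> restoredClone(byte[] frozenState, int n) throws Exception {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(frozenState); // seeded before first use: no self-seeding
        List<UUID> out = new ArrayList<UUID>();
        for (int i = 0; i < n; i++) out.add(uuidFrom(rng));
        return out;
    }

    public static void main(String[] args) throws Exception {
        // What the default SecureRandom is and where its seed comes from.
        SecureRandom dflt = new SecureRandom();
        System.out.println("default algorithm  : " + dflt.getAlgorithm());
        System.out.println("provider           : " + dflt.getProvider());
        System.out.println("securerandom.source: " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd  : " + System.getProperty("java.security.egd"));

        // Two "restores" of the same constructed state yield the same UUIDs.
        byte[] frozen = "constructed-snapshot-state".getBytes("UTF-8");
        List<UUID> a = restoredClone(frozen, 5);
        List<UUID> b = restoredClone(frozen, 5);
        System.out.println("clones repeat      : " + a.equals(b));
        System.out.println("first cloned UUID  : " + a.get(0));
    }
}
```

Running it on the affected host, with the same JVM options as the long-running job, shows whether the seed source has been overridden away from the platform default.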

Source: https://habr.com/ru/post/1626205/

