Friday, June 19, 2009

java.rmi.server.UID is not random

Well, here's an unfortunate result of having different ways of doing the same thing in Java.

I needed a way to generate a random unique ID to be used as an authentication token. So I thought hmmm a sort of UID ought to do it. So the first candidate that Google suggested was


Running a quick test gave me the following results in 2 subsequent runs: '-31a4aa0:121f7402438:-7f1f' and '-31a4aa0:121f7402438:-7f1e'. Epic fail. So much for randomness.

Looking for alternatives,

seems to be a better choice. In particular its


factory method seems to claim cryptographic strength.

No comments: