Cryptographically secure ?

Question

Cryptographically secure ?

psankar opened this issue 7 years ago · comments

Hi, Thanks for the package. I have been using this in a project of mine and it is very helpful. This is more a usage question than an Issue.

Are the ids generated by this package cryptographically secure ? There are quite a few sources that you use (machine id, process id, counter etc.) but the documentation does not say anything about if it is cryptographically secure (unpredictable) to use this package when there is a necessity. It will be good to mention the answer to this in the README. Thanks once again.

Olivier Poitrey commented 7 years ago

Yes

Olivier Poitrey · Answer 1 · Wed Feb 21 2018 01:22:29 GMT+0800 (China Standard Time)

As it’s based on env, time and monotonic counter, it is NOT crypto secure. If you need non predictability, you’ll have to use another solution. The xid package does only guarantee global uniqueness.

Sankar சங்கர் · Answer 2 · Wed Feb 21 2018 01:29:02 GMT+0800 (China Standard Time)

Thanks. Do you think that it will be worth adding to the README.md, if so I would keep the issue open (and will send a PR tomorrow mentioning the same) ? Else it could be closed.

Sankar சங்கர் · Answer 3 · Wed Feb 21 2018 12:06:14 GMT+0800 (China Standard Time)

I created #24 Thanks.