Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-11518

o.a.c.utils.UUIDGen clock generation is not very high in entropy

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 3.0.7, 3.7
    • Component/s: Legacy/Core
    • Labels:
      None

      Description

      makeClockSeqAndNode uses java.util.Random to generate the clock. Random only has 48-bits of internal state so it's not going to generate the best bits for clock and in addition to that it uses a collision prone seed that sort of defeats the purpose of clock sequence.

      A better approach to get the most out of those 14-bits would be to use SecureRandom with something like SHA1PRNG.

        Attachments

          Activity

            People

            • Assignee:
              aweisberg Ariel Weisberg
              Reporter:
              aweisberg Ariel Weisberg
              Authors:
              Ariel Weisberg
              Reviewers:
              Branimir Lambov
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: