[CASSANDRA-11518] o.a.c.utils.UUIDGen clock generation is not very high in entropy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 3.0.7, 3.7
Component/s: Legacy/Core
Labels:
None

Description

makeClockSeqAndNode uses java.util.Random to generate the clock. Random only has 48-bits of internal state so it's not going to generate the best bits for clock and in addition to that it uses a collision prone seed that sort of defeats the purpose of clock sequence.

A better approach to get the most out of those 14-bits would be to use SecureRandom with something like SHA1PRNG.

Attachments

Activity

People

Assignee:: Ariel Weisberg

Reporter:: Ariel Weisberg

Authors:: Ariel Weisberg

Reviewers:: Branimir Lambov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Apr/16 19:06

Updated:: 16/Apr/19 09:30

Resolved:: 05/May/16 22:09