UUID.randomUUID() vs SecureRandom

java uuid secure-random
User3518958 picture User3518958 · Sep 30, 2016 · Viewed 20k times · Source

I am trying to understand the advantages of using UUID.randomUUID() over SecureRandom generator as the former uses securerandom internally.

Answer

uoyilmaz picture uoyilmaz · Sep 30, 2016

Well, the source code shows UUID.randomUUID uses SecureRandom.

public static UUID  [More ...] randomUUID() {
    SecureRandom ng = numberGenerator;
    if (ng == null) {
        numberGenerator = ng = new SecureRandom();
    }
    byte[] randomBytes = new byte[16];
    ng.nextBytes(randomBytes);
    randomBytes[6]  &= 0x0f;  /* clear version        */
    randomBytes[6]  |= 0x40;  /* set to version 4     */
    randomBytes[8]  &= 0x3f;  /* clear variant        */
    randomBytes[8]  |= 0x80;  /* set to IETF variant  */
    return new UUID(randomBytes);
}

As you can see, you can use either, but in a secure UUID you have 6 non-random bits, which can be considered a disadvantage if you are picky.

Related questions

Efficient method to generate UUID String in JAVA (UUID.randomUUID().toString() without the dashes)

I would like an efficient utility to generate unique sequences of bytes. UUID is a good candidate but UUID.randomUUID().toString() generates stuff like 44e128a5-ac7a-4c9a-be4c-224b6bf81b20 which is good, but I would …

Read More
Likelihood of collision using most significant bits of a UUID in Java

If I'm using Long uuid = UUID.randomUUID().getMostSignificantBits() how likely is it to get a collision. It cuts off the least significant bits, so there is a possibility that you run into a collision, right?

Read More
Generating 8-character only UUIDs

UUID libraries generate 32-character UUIDs. I want to generate 8-character only UUIDs, is it possible?

Read More