Geek Answers Handbook

Can cryptographically strong UUIDs be generated in Javascript?

What is the state of modern web browsers (Chrome, IE, Safari and Firefox) and their ability to create cryptographically strong UUIDs? Studying this question, I could not find anything definite. I came across information about stackoverflow and another place that indicates problems with Math.random, but I would like to know what the current state of all this is.

UPDATE

As icktoofay pointed out , crypto.getRandomValuesis a way to do this. Unfortunately, browser support is limited. Is there a proven way around this? Are javascript libraries available to solve this problem?

+4
source share
3 answers

In browsers having it, you can use crypto.getRandomValuesto get cryptographically secure pseudo-random values. For example:

var array = new Uint8Array(16);
crypto.getRandomValues(array);

You can then manipulate these bytes into a valid UUID.

+4
source

Although this does not directly answer the original question, it may help someone find a library that will help with creating the UUID. For my current needs, I decided to use the node-uuid library . From the list of functions:

  • Generate RFC4122 version 1 or version UUID
  • Cryptographically strong random # generation on supporting platforms

Looking at the source, this seems to be achieved using crypto.getRandomValues, which @icktoofay suggested.

+1
source

, ! , http://www.matasano.com/articles/javascript-cryptography/

Believe me, I studied this issue for a while. Crypto is experimental, and therefore, for most browsers it is not. Node could be better as it is directly related to the OS. You will need to research this though!

0
source

More articles:


All Articles