Programmer Humor

27490 readers

1557 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

anzo@programming.dev

Feyter@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

357

I wasted all my generational luck for this (files.catbox.moe)

submitted 1 day ago by mudkip@lemdro.id to c/programmer_humor@programming.dev

51 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ryannathans@aussie.zone 127 points 1 day ago (1 children)

This is how we find out that crypto.randomUUID is not cryptographically secure

[–] Mikina@programming.dev 19 points 1 day ago (1 children)

Aren't UUIDs designed to prevent collisions, rather than be cryptographycally secure? Not that it's doing a great job here :D

Edit: Nvm, that was guid.

[–] BootLoop@sh.itjust.works 13 points 18 hours ago* (last edited 18 hours ago) (1 children)

GUID and UUID are two names of the same thing. One is Globally Unique and one is Universally Unique. I think they mean not cryptographically secure as in not truly random if it's generating duplicates.

[–] Mikina@programming.dev 6 points 13 hours ago

I was doing cybersecurity for a few years before I moved to gamedev, and I vaguely remember that at least the older versions of GUID were definitely not safe, and could be "easily" guessed.

I had to look it up, in case anyone's interrested, and from a quick glance to the GUID RFC, it depends on the version used, but if I'm reading it right, 6 bits out of the 128 are used for version identification, and then based on the version it's some kind of timestamp, either from UTC time or some kind of a name-space (I didn't really read through the details), and then a clock sequence, which make it a lot more guessable. I wonder how different would the odds be for different versions of the UUID, but I'm too tired to actually understand the spec enough to be able to tell.

However, for GUID version 4, both the timestamp and clock sequence should instead be a randomly generated number, which would give you 122 bits of entropy. It of course depends on the implementation and what kind of random generator was used when generating it, but I'd say it may be good enough for some uses.

The spec also says that you specifically should not use it for auth tokens and the like, so there's that.