> On Nov 15, 2016, at 3:02 AM, Simon Slavin <slav...@bigfraud.org> wrote:
> 
> SQLite has a randomblob function which can be used to select part of the 
> UUID, but you need to pick a UUID scheme suitable for your purposes to know 
> how much of it can be random.

In some use cases it’s important for security to guarantee that a UUID actually 
is unique and can’t be guessed*. In such cases I would be wary of using 
randomblob(), since the SQLite documentation does not describe which random 
number generator is used; it just calls it “pseudo-random”. If you generate the 
UUID yourself you can get the random bits from /dev/random or some other 
high-quality entropy source.

—Jens

* this isn’t just paranoia. There have been real-world vulnerabilities that 
stemmed from insufficiently random IDs.
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
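
An added example (not part of the original message) of generating the UUID outside SQLite, as the reply above suggests: a version-4 UUID is built from operating-system entropy and exposed to SQL as a user-defined function, with a PRIMARY KEY enforcing uniqueness. The function name `secure_uuid`, the `session` table and the use of Python's `os.urandom` (the kernel CSPRNG) in place of reading /dev/random directly are assumptions made for illustration.

```python
import os
import sqlite3
import uuid


def secure_uuid4() -> str:
    """Build an RFC 4122 version-4 UUID from 16 bytes of OS entropy."""
    raw = bytearray(os.urandom(16))    # kernel CSPRNG, not SQLite's PRNG
    raw[6] = (raw[6] & 0x0F) | 0x40    # version nibble = 4
    raw[8] = (raw[8] & 0x3F) | 0x80    # variant bits = 10 (RFC 4122)
    # 6 bits are fixed by the scheme, so 122 of the 128 bits are random.
    return str(uuid.UUID(bytes=bytes(raw)))


def open_db(path=":memory:"):
    """Open a database with secure_uuid() registered (hypothetical name)."""
    conn = sqlite3.connect(path)
    # Zero-argument SQL function; not flagged deterministic, so SQLite
    # calls it again on every evaluation.
    conn.create_function("secure_uuid", 0, secure_uuid4)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS session ("
        " id TEXT PRIMARY KEY CHECK (length(id) = 36),"
        " user TEXT NOT NULL)"
    )
    return conn


def new_session(conn, user):
    """Insert a row keyed by a fresh UUID and return the UUID."""
    for _ in range(3):
        token = conn.execute("SELECT secure_uuid()").fetchone()[0]
        try:
            conn.execute("INSERT INTO session (id, user) VALUES (?, ?)",
                         (token, user))
            conn.commit()
            return token
        except sqlite3.IntegrityError:
            # The PRIMARY KEY rejected a duplicate; draw a new value.
            continue
    raise RuntimeError("could not allocate a unique session id")


if __name__ == "__main__":
    db = open_db()
    print(new_session(db, "alice"))
```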
