On Friday 29 January 2010 11.21:00 Joe Kramer wrote: > We have bunch of servers running the app and rebuilding postgres with > support for ossp_uuid on all servers is time consuming. > Is there a way of doing it without third party dependency like > ossp_uuid? Should I just run md5(random number), will itbe the same ? If you're building your own: at least use sha1 instead of md5. (Even md5 *should* be safe in the absence of malicious attacks, but md5 is generally not recommended anymore.) Everything depends on the quality of your random numbers. I don't know how much randomness pg's random() delivers, and as I've said I haven't looked what the uuid module does. (To give you an example: if random() only delivers a random 32 bit float value, the 160 bits of SHA-1 will not be used. You'll only use 4 billion different values and you *will* soon get collisions.) If I were to roll my own, I'd just use 256 bit of /dev/random (or, depending on the application, possibly /dev/urandom and take the risk that my values aren't that random.) Since it's random anyway, there's no need to use a hash. (Not sure: can a SQL function read arbitrary binary files or will a C module be necessary?) Speed: just did a quick test on one machine. reading 1kB from /dev/random takes about 1s. (constant 5MB/s disk activity with lots of seeking going on, no hw random device.) So you'd get ca. 32 id values per second. Don't know if that's a lot or not for your application. Magnus: can you elaborate on uuid not being secure? AFAICT v4 uuid are supposed to be essentially a random number formatted in a certain way. cheers -- vbi -- featured product: GNU Privacy Guard - http://gnupg.org
Attachment:
signature.asc
Description: This is a digitally signed message part.
