Here reported is a test result I did in search of "cryptographically strong" PRNG. The purpose of count test is to see if the UUID algorithm favors/dislikes certain letters or numbers by counting the occurrence of each letter/number in a UUID (8.3.2. hex) generated. There are total of 10,000 UUIDs generated and counted. Here is the code for the test:
import { v4 as uuidv4 } from 'uuid';
let round = 10000, temp1, objuuid={};
for (let i=0;i<round;i++) {
console.log("ith round : ", i);
temp1 = uuidv4(); //uuid generated
//uuid
for (let j=0;j<temp1.length;j++) {
let a1 = temp1.charAt(j);
if (a1 !== "-") {. //don't count "-"
let hit = false;
Object.keys(objuuid).map(k => {
if (k == a1) {
hit = true;
//break;
}
});
if (hit) {
objuuid[a1] = objuuid[a1] + 1;
} else {
objuuid[a1] = 1;
}
}
}
};
Here is output of objuuid in 3 run:
1st one:
0: 18934
1: 18723
2: 18789
3: 18712
4: 28840
5: 18491
6: 18628
7: 18732
8: 21498
9: 21241
a: 21238
b: 21223
c: 19003
d: 18820
e: 18492
f: 18636
2nd one:
0: 18768
1: 18837
2: 18572
3: 18945
4: 28557
5: 18908
6: 18922
7: 18734
8: 21265
9: 21044
a: 21274
b: 21344
c: 18681
d: 18604
e: 18775
f: 18770
3rd one:
0: 18676
1: 18743
2: 18712
3: 18741
4: 28722
5: 18947
6: 18747
7: 18736
8: 21316
9: 21253
a: 21111
b: 21413
c: 18795
d: 18704
e: 18737
f: 18647
From the result above (did more than 3 runs), It seems that "4, 8 ,9 , a, b" are more favored than others. According to this ietf article, this is by design. I am not an expert on PRNG and security. Will this "favor" negatively impact the security of the uuid generated (make it a bit easier to be guessed out)? How PRNG needs to be unbiased towards the pick to be called "cryptographically strong"?
Aucun commentaire:
Enregistrer un commentaire