93f8d38a   
   From: moreno_news@mailinator.com   
      
   > But the question remains, does the boost random number generator in   
   > the uuids package have sufficient entropy for use in a large   
   > distributed system? A simple PRNG, even using the Mersenne twister, is   
   > not enough. A source of entropy is needed for seeding.   
      
   Well, strictly speaking, for the purpose of generating UUIDs, what   
   you really need is a source of *guaranteed distinct* pieces of data   
   (see below).   
      
   > /dev/urandom, which uses things like disk and mouse activity. This   
   > could be specific to Linux though - I don't know if other UNIX   
   > implementations such as Solaris provide it. And what about Windoze. It   
   > certainly doesn't have /dev/urandom so how does one do PRNG seeding   
   > with entropy on that platform?   
      
   Since boost is multi-platform, I would assume that their facilities   
   use whatever system facilities are available --- I don't remember   
   the name of the function off the top of my head, but I do remember   
   that Windows API includes a cryptographic-quality PRNG, which is   
   presumably of comparable quality to /dev/urandom (though last time   
   I checked, IIRC they did not provide details about how it operates;   
   they simply said that it is suitable for cryptographic applications).   
      
   The point is, by using Boost, you are trusting that they know the   
   specifics for each platform --- not sure if in this case of UUID   
   that trust is warranted, but as a general rule, I'd say when using   
   Boost you are trusting the right crowd.   
      
   If you're still uneasy with that, you could try "re-randomizing"   
   what the UUID generator gives you --- concatenate the given value   
   with some data unique to the machine (this may be for free, since   
   maybe in your distributed system, by design, each node is assigned   
   a unique ID or so?), plus the process ID plus the timestamp (date +   
   time) plus the CPU clock cycle counter, plus an auto-increment   
   counter, and then compute a hash (say, SHA256) of the resulting   
   string, and reconstruct according to the required standard format.   
   You simply can not have duplicates  (well, you can, with probability   
   2 to the -128, if all of the 128 bits of the resulting UUID are   
   chosen from the hash).   
      
      
   HTH,   
      
   Carlos   
   --   
      
         [ See http://www.gotw.ca/resources/clcm.htm for info about ]   
         [ comp.lang.c++.moderated.    First time posters: Do this! ]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)