pfarber
Reputation: 151
Is Perl Data::UUID a strong symmetric key source?
I'm considering using Data::UUID Perl module to generate a 256 bit symmetric key for use with the HMAC_SHA256 algorithm. Each call should give me a unique string of 128 bits so I'm thinking of doing something like the following:
use Data::UUID;
my $ug = new Data::UUID;
my $uuid1 = $ug->to_hexstring($ug->create());
my $uuid2 = $ug->to_hexstring($ug->create());
my $256_bit_key = $uuid1 . $uuid2;
Is this key cryptographically strong?
Upvotes: 1
Views: 967
Answers (1)
Paul Nathan
Reputation: 40319
No.
Use Crypt::OpenSSL::Random or another crypto-strong random number generator.
To be more precise, you can get some bytes from the CRNG, convert them into an ASCII string, and then use that to do the hash against.
Upvotes: 6
Related Questions
- Is UUID random enough for password recovery link?
- 16 bytes binary form of canonical uuid representation in php
- Version 5 UUID in Perl
- perl - Data::UUID module
- Does Data::GUID generate valid GUIDs?
- What is the guaranteed uniqueness in the identifiers generated by the APR::UUID module
- How to make use of UUIDGEN of unix in perl script
- Perl alternative to hash_hmac('ripemd160', $data, $key) in PHP
- Perl code to generate secret key for HMAC SHA256 signing?
- How can I generate a unique ID using a hash in Perl?