Giter VIP home page Giter VIP logo

cuid2's Introduction

Cuid2

Pub Version Pub Publisher License

Secure, collision-resistant ids optimized for horizontal scaling and performance. Next generation UUIDs.

Need unique ids in your app? Forget UUIDs and GUIDs which often collide in large apps. Use Cuid2, instead.

Cuid2 is:

  • Secure: It's not feasible to guess the next id, existing valid ids, or learn anything about the referenced data from the id. Cuid2 uses multiple, independent entropy sources and hashes them with a security-audited, NIST-standard cryptographically secure hashing algorithm (Sha3).
  • Collision resistant: It's extremely unlikely to generate the same id twice (by default, you'd need to generate roughly 4,000,000,000,000,000,000 ids (sqrt(36^(24-1) * 26) = 4.0268498e+18) to reach 50% chance of collision.
  • Horizontally scalable: Generate ids on multiple machines without coordination.
  • Offline-compatible: Generate ids without a network connection.
  • URL and name-friendly: No special characters.
  • Fast and convenient: No async operations. Won't introduce user-noticeable delays. Less than 5k, gzipped.
  • But not too fast: If you can hash too quickly you can launch parallel attacks to find duplicates or break entropy-hiding. For unique ids, the fastest runner loses the security race.

Cuid2 is not good for:

  • Sequential ids (see the note on K-sortable ids, below)
  • High performance tight loops, such as render loops (if you don't need cross-host unique ids or security, consider a simple counter for this use-case, or try Ulid or NanoId).

Learn more

Install

dart pub add cuid2

Usage

import 'package:cuid2/cuid2.dart';

void main() {
  final id = cuid();  // default options
  final id30 = cuidSecure(30);  // set length to 30, use Random.secure()
  final cc = cuidConfig(length: 30);  // custom config - see example

  print(cc.gen())
  print(id); // eh82waoo5fi41lgncwv5oxxb
  print(id30); // oxjkyfqo3aqk3jigelnuyp3ef299qx
}

Testing

a histogram analysis is done on every batch of tests to ensure a fair and random distribution across the whole entropy range. Any bias found during the analysis would increase the chances of ID collision and cause the tests to fail automatically.

Histogram

cuid2's People

Contributors

geommr avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Forkers

heralight

cuid2's Issues

Web support

Hi,

Thank you for your package, very helpful.
I tried to include it inside a mobile/web project but I had an incompatibility with the code for the web platform.

The problem

_createFingerprint() inside cuid2_base.dart use Platform.localHostname; and pid.

  • dart:io and Platform.localHostname, I successfully replace it with universal_io
  • but I'm concern about the pid that I cannot simulate in a distributed system for a browser.

do you have any recommendation or sample for web integration please ?

Do you think that replace it for web by a Math.random is enough like said that inside: https://github.com/paralleldrive/cuid2/blob/6c64c5d118885eaef9e7594de4416dc4945e3460/src/index.js#L50

a simple fix will in cuid2_base.dart:

import 'package:universal_io/io.dart';
...
 String _createFingerprint() {
    final hostname = Platform.localHostname;
    final version = Platform.operatingSystemVersion;
    final os = Platform.operatingSystem;
    seed = kIsWeb ? (_random.nextDouble() * 36).floor() : pid;
    final fingerprint = '${_pad(seed.toRadixString(36), 3)}$hostname$version$os';
    final entropy = _createEntropy(length: _entropyLength);
    final sourceString = '$fingerprint$entropy';

    return _hash(sourceString).substring(0, _entropyLength);
  }

and with that the web platform will supported.

Best regards,

Alexandre

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.