UUID – Page 2 – WindowsTechs.com

Guessing UUIDv1 hashes?

Posted on July 4, 2021 by T. Rode

I’m digging into UUIDv1 generation and bruteforce, in order to take control of a password reset feature of a website which sends a link with a get parameter token=UUIDvX.
I’m trying to identify which version of UUID hashing algorithm the s… Continue reading Guessing UUIDv1 hashes?→

Is using sensitive information to generate a UUID v5 considered secure?

Posted on March 22, 2021 by Cooper

Lets say I want to generate a name-based UUID using v5 of the RFC 4122 using sensitive information as the input (for example the password to my bank account). And lets say I give the generated UUID to a malicious user who wishes to reverse… Continue reading Is using sensitive information to generate a UUID v5 considered secure?→

Decoding UUID4 (version 4 variant 1) given a minimum number of decoded pairs

Posted on December 15, 2020 by Tai

Given a bunch of pairs like these:

My – UUID number 1
secret – UUID number 2
is – UUID number 3

Decode the next word given only the UUID of the message.

I spent yesterday checking out the web for hints to help me understand if and how … Continue reading Decoding UUID4 (version 4 variant 1) given a minimum number of decoded pairs→

Should I obscure database primary keys for the frontend even if these ids are uuidv4 Ids?

Posted on November 19, 2020 by MADforFUNandHappy

After reading through the answers of the related question (the same question but about integer primary keys), I was wondering if there is any reason to hash uuidv4 primary keys and sending the hash to the frontend instead.
Since uuidv4 Ids… Continue reading Should I obscure database primary keys for the frontend even if these ids are uuidv4 Ids?→

Best practices for generating and storing authorization codes and access tokens in OAuth server

Posted on October 26, 2020 by Jakub Žitný

I’ve recently implemented an OAuth server functionality to our service. I’ve consulted OAuth 2.0 Threat Model and Security Considerations and addressed most of the concerns. I am curious about any best practices for generating authorizatio… Continue reading Best practices for generating and storing authorization codes and access tokens in OAuth server→

Stop UUID injection in MYSQL Database

Posted on June 27, 2020 by Adaptero

I have a cordova app that logs users in based on their devices model+platform+uuid. For example:
Pixel 2Android39798721218.
The way this works when a user uses a new device is detailed in the following:

Users opens app
App sends uuid code… Continue reading Stop UUID injection in MYSQL Database→

using Uuid for security

Posted on May 27, 2020 by ELA

I read that uuid does not bring any security advantages

But I can’t find why It doesn’t bring a little bit of extra security in the scenario below ?:

Consider that right now the session id is encrypting the auto-increment id (no uuid is … Continue reading using Uuid for security→

Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges

Posted on March 16, 2020 by Lindsey O'Donnell

An academic study found Microsoft’s Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers. Continue reading Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges→

Exposing UUID or BIGSERIAL Primary Keys

Posted on January 5, 2020 by civ15

Exposing primary keys is bad practice. How should I expose UUID or BIGSERIAL Primary Keys to clients — hashing, encoding, encrypting? For integers there are libraries like hashids, what about UUID?

Continue reading Exposing UUID or BIGSERIAL Primary Keys→

Is it possible to get the original UUID1 from a timestamp?

Posted on December 2, 2019 by Haunted

Say, for example, I generate a time based UUID with the following program.

import uuid
uuid = uuid.uuid1()
print uuid
print uuid.time

I get the following:

47702997-155d-11ea-92d3-6030d48747ec
137946228962896279

Can I ge… Continue reading Is it possible to get the original UUID1 from a timestamp?→