Details
- Bug
- Resolution: Done
- Not Evaluated
- None
- 4.8.0
- None
- ac10a99e642c9005efc7639583fcb726acc169fd
Description
Symbian does not have a /dev/urandom device. So when QUuid::createUuid() is called for the first time in a program, the only entropy going into the UUID is a) the current stack address and b) the current time (in seconds).
For a particular program, the stack address is quite likely to be identical on separate runs of the same program, and across separate devices.
This means that if a program generates its first UUID within the same second as the same program on another device, those UUIDs will probably be identical. Further UUIDs generated in sequence will also be identical.
Furthermore, the random number generator used to generate UUIDs after this bad start itself only has 32 bits of internal state, so the entropy of the UUID can never exceed 32 bits.
I suggest that at least on Symbian the device ID and current kernel tick count should be blended into the UUID to give at least basic universal uniqueness.
I attached a test app that demonstrates the problem by setting the time, then generating 100 UUIDs - they are the same sequence on repeated runs of the program.
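The failure mode described in this report, as an added C++ model (not Qt's source and not the attached test app): the 32-bit LCG, the XOR seeding, the FNV-1a blend and all sample values are assumptions chosen for illustration.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
using Uuid = std::array<uint8_t, 16>;

// Model of a fallback generator with only 32 bits of internal state (assumed LCG).
struct Rng32 {
    uint32_t state;
    uint32_t next() { return state = state * 1664525u + 1013904223u; }
};

// Fill 16 bytes from four 32-bit draws, then set the version 4 and variant bits.
Uuid make_uuid(Rng32 &rng) {
    Uuid u{};
    for (int w = 0; w < 4; ++w) {
        uint32_t r = rng.next();
        for (int b = 0; b < 4; ++b) u[4 * w + b] = static_cast<uint8_t>(r >> (8 * b));
    }
    u[6] = (u[6] & 0x0F) | 0x40;
    u[8] = (u[8] & 0x3F) | 0x80;
    return u;
}

// Seed inputs named in the report: time in seconds and a stack address.
uint32_t weak_seed(uint32_t seconds, uint32_t stack_addr) { return seconds ^ stack_addr; }
// Suggested mitigation: also blend in device ID and kernel tick count (FNV-1a mix).
uint32_t blended_seed(uint32_t seconds, uint32_t stack_addr, uint64_t device_id, uint32_t ticks) {
    uint32_t h = 2166136261u;
    auto mix = [&h](uint64_t v, int nbytes) {
        for (int i = 0; i < nbytes; ++i) { h ^= static_cast<uint8_t>(v >> (8 * i)); h *= 16777619u; }
    };
    mix(seconds, 4); mix(stack_addr, 4); mix(device_id, 8); mix(ticks, 4);
    return h;
}

// How many of the first n UUIDs coincide between two program instances.
int matching_uuids(uint32_t seed_a, uint32_t seed_b, int n) {
    Rng32 a{seed_a}, b{seed_b};
    int same = 0;
    for (int i = 0; i < n; ++i) if (make_uuid(a) == make_uuid(b)) ++same;
    return same;
}

int main() {
    const uint32_t t = 1300000000u, sp = 0x00402F7Cu; // constructed sample values
    std::printf("weak: %d/100 identical\n", matching_uuids(weak_seed(t, sp), weak_seed(t, sp), 100));
    std::printf("blended: %d/100 identical\n", matching_uuids(blended_seed(t, sp, 0x1111, 5000), blended_seed(t, sp, 0x1112, 5000), 100));
}
```

Blending more inputs separates devices, but every UUID in the model is still a function of the 32-bit state, so the entropy ceiling from the report remains until the generator itself is replaced.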