[Bro-Dev] [JIRA] (BIT-1016) Option to extend uids to 128 bit

[Jon Siwek (JIRA)]

    [ https://bro-tracker.atlassian.net/browse/BIT-1016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13812#comment-13812 ] 

Jon Siwek commented on BIT-1016:
--------------------------------

{quote}
Regarding performance: another option would be to use 128-bit UUIDs internally and just chop of 32 bytes if a 96-bit UUID is desired, assuming the bits in the UUID are distributed uniformly. Then we could use a fixed-size array and just change how the data is interpreted at script land.
{quote}

This is kind of what currently happens: the UID gets calculated in 64-bit chunks, then truncated if necessary.  Except you can ask for more than 128-bits if you want.
                
> Option to extend uids to 128 bit
> --------------------------------
>
>                 Key: BIT-1016
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1016
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: rhave
>            Assignee: Jon Siwek
>            Priority: Low
>             Fix For: 2.2
>
>
> Bro's uids are currently 64 bits, which makes them collide with a 50% chance after 5.1 x 10^9^ different uids (see http://en.wikipedia.org/wiki/Birthday_problem#Probability_table).
> I'm currently generating uuids of 128 bit to replace the native uids in bro, as I'm using them as keys in a database, but this requires rewriting of the bro-logs. I suspect that more people could benefit from an option to extend the uids to 128 bit.
> I've made a quick and dirty patch to change most of the uids to 128 bit (file_analysis uids are missing). The patch is ugly, and is only to show some of the functionality I would like: http://pastebin.com/GkaGejNc



--
This message was sent by Atlassian JIRA
(v6.1-OD-06#6139)