本文介绍如何利用 MySQL 的 UUID 函数提取时间戳和 MAC 地址等敏感信息,并探讨了 UUID 作为代理键的泄露性问题。
In mysql, it is possible to use the uuid function to extract milliseconds.
select conv(
concat(
substring(uid,16,3),
substring(uid,10,4),
substring(uid,1,8))
,16,10)
div 10000
- (141427 * 24 * 60 * 60 * 1000) as current_mills
from (select uuid() uid) as alias;Result:
+---------------+
| current_mills |
+---------------+
| 1410954031133 |
+---------------+It also works in older mysql versions!
Thank you to this page: http://rpbouman.blogspot.com.es/2014/06/mysql-extracting-timstamp-and-mac.html
To whom it may concern.
Surrogate keys: auto-increment or UUID?
I recently overheard a statement about whether to use auto-incrementing id's (i.e, a sequence managed by the RDBMS) or universal unique identifiers (UUIDs) as method for generating surrogate key values.Leakiness
Much has been written about this subject with regard to storage space, query performance and so on, but in this particular case the main consideration was leakiness . Leakiness in this case means that key values convey information about the state of the system that we didn't intend to disclose.Auto-incrementing id's are leaky
For example, suppose you would subscribe to a new social media site, and you get assigned a personal profile page which looks like this:http://social.media.site/user/67638Suppose that
67638
is the auto-incrementing key value that was uniquely assigned to the profile. If that were the case then we could wait a day and create a new profile. We could then compare the key values and use it to estimate how many new profiles were created during that day. This might not necessarily be very sensitive information, but the point here is that by exposing the key values, the system exposes information that it didn't intend to disclose (or at least not in that way).
Are UUIDs leaky?
So clearly, auto-incrementing keys are leaky. The question is, are UUIDs less leaky? Because if that's the case, then that might weigh in on your consideration to choose for a UUID surrogate key. As it turns out, this question can be answered with the universal but always unsatisfactory answer that "it depends". Not all UUIDs are created equal, and wikipedia lists 5 different variants. This is not an exhaustive list, since vendors can (and so, probably will) invent their own variants.MySQL UUIDs
In this article I want to focus on MySQL's implementation. MySQL has two different functions that generate UUIDs:UUID()
and
UUID_SHORT()
.
Are MySQL UUIDs leaky?
If you follow the links and read the documentation, then we can easily give a definitive answer, which is: yes, MySQL UUIDs are leaky:UUID()implements a version 1 UUID, which is generated according to DCE 1.1: Remote Procedure Call (Appendix A) CAE (Common Applications Environment). Type 1 UUIDs are also described by RFC1422, "A Universally Unique IDentifier (UUID) URN Namespace". In short, it consists of a timestamp and a MAC address, plus some addition data to ensure uniqueness. If you want to check the MySQL source code, look for the functionString *Item_func_uuid::val_str(String *str)initem_strfunc.cc.UUID_SHORT()doesn't seem to conform to any particular external standard, but it contains the server's id as well as its startime, plus some extra data to ensure unicity. The MySQL source code for this islonglong Item_func_uuid_short::val_int()initem_func.cc.
Hacking MySQL UUID values
Now, on to the fun bit. Let's hack MySQL UUIDs and extract meaningful information. Because we can.Credit where credit's due: Although the documentation and MySQL source code contain all the information, I had a lot of benefit from the inconspicuously-looking but otherwise excellent website from the Kruithof family. It provides a neat recipe for extracting timestamp and MAC addressfrom type 1 UUIDs. Thanks!
Here's a graphical representation of the recipe: 
Extracting the timestamp from a MySQL UUID
Here's how:select uid AS uid
, from_unixtime(
(conv(
concat( -- step 1: reconstruct hexadecimal timestamp
substring(uid, 16, 3)
, substring(uid, 10, 4)
, substring(uid, 1, 8)
), 16, 10) -- step 2: convert hexadecimal to decimal
div 10 div 1000 div 1000 -- step 3: go from nanoseconds to seconds
) - (141427 * 24 * 60 * 60) -- step 4: substract timestamp offset (October 15,
) AS uuid_to_timestamp
, current_timestamp() AS timestamp
from (select uuid() uid) AS alias;
Here's an example result:
+--------------------------------------+---------------------+---------------------+ | uid | uuid_to_timestamp | timestamp | +--------------------------------------+---------------------+---------------------+ | a89e6d7b-f2ec-11e3-bcfb-5c514fe65f28 | 2014-06-13 13:20:00 | 2014-06-13 13:20:00 | +--------------------------------------+---------------------+---------------------+ 1 row in set (0.01 sec)The query works by first obtaining the value from UUID(). I use a subquery in the from clause for that, which aliases the
UUID()
function call to
uid
. This allows other expressions to manipulate the same uid value. You cannot simply call the
UUID()
multiple times, since it generates a new unique value each time you call it. The raw value of
uid
is shown as well, which is:
a89e6d7b-f2ec-11e3-bcfb-5c514fe65f28
. Most people will recognize this as 5 hexadecimal fields, separated by dashes. The first step is to extract and re-order parts of the uid to reconstruct a valid timestamp:
- Characters 16-18 form the most significant part of the timestamp. In our example that's
1e3; the last 3 characters of the third field in the uid. - Characters 10-13 form the middle part timestamp. In our example that's
f2ec; this corresponds to the second field - Characters 1-8 form the least significant part of the timestamp. In our example that's
a89e6d7b; this is the first field of the uid.
Extracting the parts is easy enough with SUBSTRING(), and we can use CONCAT() to glue the parts into the right order; that is, putting the most to least significant parts of the timestamp in a left-to-right order. The hexadecimal timestamp is now 1e3f2eca89e6d7b.
The second step is to convert the hexadecimal timestamp to a decimal value. We can do that using CONV(hextimestamp, 16, 10), where 16 represents the number base of the hexadecimal input timestamp, and 10 represents the number base of output value.
We now have a timestamp, but it is in a 100-nanosecond resolution. So the third step is to divide so that we get back to seconds resolution. We can safely use a DIV integer division. First we divide by 10 to go from 100-nanosecond resolution to microseconds; then by 1000 to go to milliseconds, and then again by 1000 to go from milliseconds to seconds.
We now have a timestamp expressed as the number of seconds since the date of Gregorian reform to the Christian calendar, which is set at October 15, 1582. We can easily convert this to unix time by subtracting the number of seconds between that date and January 1, 1970 (i.e. the start date for unix time). I suppose there are nicer ways to express that, but 141427 * 24 * 60 * 60 is the value we need to do the conversion.
We now have a unix timestamp, and MySQL offers the FROM_UNIXTIME() function to go from unix time to a MySQL timestamp value.
Extracting the MAC address from a MySQL UUID
The last field of type 1 UUID's is the so-called node id. On BSD and Linux platforms, MySQL uses the MAC address to create the node id. The following query extracts the MAC address in the familiar colon-separated representation:select uid AS uid
, concat(
substring(uid, 25,2)
, ':', substring(uid, 27,2)
, ':', substring(uid, 29,2)
, ':', substring(uid, 31,2)
, ':', substring(uid, 33,2)
, ':', substring(uid, 35,2)
) AS uuid_to_mac
from (select uuid() uid) AS alias;
Here's the result:
+--------------------------------------+-------------------+ | uid | uuid_to_mac | +--------------------------------------+-------------------+ | 78e5e7c0-f2f5-11e3-bcfb-5c514fe65f28 | 5c:51:4f:e6:5f:28 | +--------------------------------------+-------------------+ 1 row in set (0.01 sec)I checked on Ubuntu with
ifconfig
and found that this actually works.
What about UUID_SHORT()?
The UUID_SHORT() function is implemented thus:(server_id & 255) << 56 + (server_startup_time_in_seconds << 24) + incremented_variable++;This indicates we could try and apply right bitshifting to extract server id and start time.
Since the server_id can be larger (much larger) than 255, we cannot reliably extract it. However, you can give it a try; assuming there are many mysql replication clusters with less than 255 nodes, and assuming admins will often use a simple incrementing number scheme for the server id. you might give it a try.
The start time is also easy to extract with bitshift. Feel free to post queries for that in the comments.
扫一扫
2040
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
