cfml-nanoid

CFML implementation of nanoid, secure URL-friendly unique ID generation.

  • A tiny, secure URL-friendly unique string ID generator for JavaScript
  • Safe. It uses SHA1PRNG (default), IBMSecureRandom, NativePRNG, NativePRNGBlocking or NativePRNGNonBlocking algorithms to assist in a proper distribution of symbols.
  • Compact. It uses more symbols than UUID (A-Za-z0-9_-) and has the same number of unique options in just 21 symbols instead of 36.

Usage

Instantiate the component:

nanoId = new nanoId();

nanoId.generate()

Generates a compact ID using the current settings. (Defaults to 21 characters of the alphabet 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz- using the SHA1PRNG algorithm.)

writeOutput(nanoId.generate());
// jLWi7TKamN1zqpE_Z00Ab

nanoId.generate(alphabet, size, algorithm)

One-time override of the settings for a single ID generation.

writeOutput(nanoId.generate(alphabet="ABCDEFGHJKLMNPQRSTUVXYZ"));
// XYDADCEJSYBMDLLTREBEF

writeOutput(nanoId.generate(size=12));
// 2PBPRu7HRoJP

writeOutput(nanoId.generate(algorithm="NativePRNG"));
// fkDNYl2snoOXMegoFi_Dr

// Using 2 ordered arguments
writeOutput(nanoId.generate("ABCDEFGHIJKLMNOPQRSTUVXYZ", 12));
// THTMYMVEGMAV

// Using 3 ordered arguments
writeOutput(nanoId.generate("ABCDEFGHIJKLMNOPQRSTUVXYZ", 12, "IBMSecureRandom"));
// RMQFYHVJIMEZ

nanoId.setAlphabet(alphabet)

Sets the custom characters used for all subsequent ID generations. A dictionary name can also be used. (Defaults to 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz-.)

nanoId.setAlphabet("ABCDEFGHJKLMNPQSTUVWXYZ");
// no output

nanoId.setSize(integer);

Sets a custom string length for all subsequent ID generations. (Defaults to 21.)

nanoId.setSize(12);
// no output

nanoId.setAlgorithm(algorithm);

Sets secure or non-secure generation type. (Defaults to SHA1PRNG. Options are SHA1PRNG, IBMSecureRandom, NativePRNG, NativePRNGBlocking, NativePRNGNonBlocking.)

nanoId.setAlgorithm("IBMSecureRandom");
// no output

Algorithms

| Algorithm | Notes |
| --- | --- |
| SHA1PRNG | Initial seeding is currently done via a combination of system attributes and the java.security entropy gathering device |
| IBMSecureRandom | This implementation uses a SHA-1 message digest and computes the hash over a true-random seed value. |
| NativePRNG | (nextBytes() uses /dev/urandom, generateSeed() uses /dev/random) |
| NativePRNGBlocking | (nextBytes() and generateSeed() use /dev/random) |
| NativePRNGNonBlocking | (nextBytes() and generateSeed() use /dev/urandom) |

Alphabet Dictionary

| Code | Description | Characters |
| --- | --- | --- |
| default | Default | 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz- |
| numbers | Numbers from 0 to 9 | 0123456789 |
| hexadecimalLowercase | Lowercase English hexadecimal characters | 0123456789abcdef |
| hexadecimalUppercase | Uppercase English hexadecimal characters | 0123456789ABCDEF |
| lowercase | Lowercase English letters | abcdefghijklmnopqrstuvwxyz |
| uppercase | Uppercase English letters | ABCDEFGHIJKLMNOPQRSTUVWXYZ |
| alphanumeric | Combination of all the lowercase, uppercase characters & numbers from 0 to 9. Does not include any symbols or special characters | 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz |
| nolookalikes | Numbers & English alphabet without lookalikes: 1, l, I, 0, O, o, u, v, 5, S, s, 2, Z. | 346789ABCDEFGHJKLMNPQRTUVWXYabcdefghijkmnpqrtwxyz |
| nolookalikesSafe | Same as nolookalikes but with removed vowels & following letters: 3, 4, x, X, V. This list should protect you from accidentally getting obscene words in generated strings. | 6789BCDFGHJKLMNPQRTWbcdfghjkmnpqrtwz |
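
Alphabet and size together decide how hard an ID is to guess or collide, so a smaller dictionary needs a longer ID. The following is an added example, not part of cfml-nanoid: the function names are hypothetical, symbols are assumed to be drawn uniformly and independently, and the 122-bit target is the number of random bits in a version 4 UUID.

```cfml
<cfscript>
// Added example, not part of cfml-nanoid; all function names are hypothetical.
// Assumes each symbol is drawn uniformly and independently from the alphabet.

// Entropy carried by one symbol of the alphabet, in bits.
numeric function bitsPerSymbol(required string alphabet) {
    return log(len(arguments.alphabet)) / log(2);
}

// Total entropy of an ID of the given size, in bits.
numeric function idEntropyBits(required string alphabet, required numeric size) {
    return arguments.size * bitsPerSymbol(arguments.alphabet);
}

// Smallest size that reaches targetBits (122 = random bits in a version 4 UUID).
numeric function sizeForBits(required string alphabet, numeric targetBits = 122) {
    // The small epsilon keeps float rounding from pushing an exact result up by one.
    return ceiling(arguments.targetBits / bitsPerSymbol(arguments.alphabet) - 0.000000001);
}

// Birthday bound as a power of ten: how many IDs can be generated before the
// chance of any collision reaches p, from n ~ sqrt(2 * 2^bits * ln(1 / (1 - p))).
// Computed in the log domain so large sizes do not overflow.
numeric function collisionExponent(required numeric bits, numeric p = 0.01) {
    return 0.5 * (log10(2) * (arguments.bits + 1) + log10(log(1 / (1 - arguments.p))));
}

// Alphabets copied from the dictionary table; sizes are the default and the
// 12-character size used in the usage examples.
alphabets = [
    { name: "default", chars: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz-" },
    { name: "hexadecimalLowercase", chars: "0123456789abcdef" },
    { name: "nolookalikesSafe", chars: "6789BCDFGHJKLMNPQRTWbcdfghjkmnpqrtwz" }
];
sizes = [12, 21];

for (a in alphabets) {
    for (size in sizes) {
        bits = idEntropyBits(a.chars, size);
        writeOutput(a.name & ", size " & size & ": " & numberFormat(bits, "9.9")
            & " bits, 1% collision chance near 10^"
            & numberFormat(collisionExponent(bits), "9.9") & " IDs<br>");
    }
    writeOutput(a.name & " needs size " & sizeForBits(a.chars) & " to reach 122 bits<br>");
}
</cfscript>
```

These figures are upper bounds: they hold only when the chosen SecureRandom algorithm is properly seeded and each symbol is selected without bias.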

Benchmark

| Algorithm | Speed |
| --- | --- |
| SHA1PRNG | 8,832 ops/sec |
| IBMSecureRandom | 13,411 ops/sec |
| NativePRNG | 12,383 ops/sec |
| NativePRNGBlocking | 12,942 ops/sec |
| NativePRNGNonBlocking | 12,822 ops/sec |

Test Configuration: ColdFusion Developer 2016.0.17.325979 / Windows Server 2016 / Java 11.0.11+9-LTS-194

To Review

Research to determine if Java native java.security.SecureRandom is sufficient and whether there are any hardware random generator options available.