3

I have a system where tens of thousands of users log in whenever they like and my server has to assign them to one of many databases. I would like to distribute the users evenly amongst the databases. I was thinking of using one of two methods, and cannot decide which will give me a more even distribution:

  1. RAND_bytes from OpenSSL modulo number of databases.
  2. Current Timestamp (in seconds) modulo number of databases.

The first option relies on RAND_bytes and the second relies on the Law of Large Numbers.

Users log in mostly during certain peak hours.

Which one will give me a more even distribution?

Max
  • 235
  • 2
  • 6

1 Answers1

4

By definition, a cryptographically secure PRNG will give you the most uniform distribution -- because any detectable bias would be considered as a weakness. If the PRNG is "strong", then this means that nobody ever detected a single bias, even though they were trying real hard.

OpenSSL's RAND_bytes() function is supposed to be a cryptographically strong PRNG, and many systems rely on that.

With timestamps, you can only hope that nobody will guess your method and create accounts at regular intervals precisely to always fall on the same database and thus make your life harder.

Therefore, use RAND_bytes().

Tom Leek
  • 172,594
  • 29
  • 349
  • 481