UUID::Tiny is nice, but unfortunately due to its usage of rand() the version 4 UUIDs it provides are not cryptographically strong i.e. there exists the potential for the next value to be predicted. We opted to create a lightweight (core modules only!) alternative which uses a strong source of randomness.

Linux kernel v3.17 introduced the system call getrandom() which returns a specified number of random bytes. It reads from the same source as /dev/urandom by default, without requiring the opening of a file handle (which means we can avoid file descriptor exhaustion attacks blocking our source of randomness).

use constant {
    GRND_NONBLOCK => 0x0001,
    RANDOM_BYTES  => 16,

my $call = syscall( 318, my $uuid = "\0" x RANDOM_BYTES,

vec( $uuid, 13, 4 ) = 0x4; # version
vec( $uuid, 35, 2 ) = 0x2; # variant

UUID4::Tiny takes 16 bytes via getrandom(), and sets the correct version and variant for a valid version 4 UUID. Those bytes can either be returned as-is or converted to the canonical 8-4-4-4-12 UUID string representation.

GRND_NONBLOCK is a flag which makes the system call return an error instead of blocking if the entropy pool has not yet been initialized.

Given the requirement for Linux kernel v3.17 (and 64 bit due to the explicit system call number), if this does not suit you then fear not, there is an alternative in UUID::URandom, which uses either /dev/urandom or the Windows Crypto API depending on your system.