When should I use uuid uuid1 vs uuid uuid4 in python

Question

I understand the differences between the two from the docs   uuid1    Generate a UUID from a host ID  sequence number  and the current time  uuid4    Generate a random UUID   So uuid1 uses machine sequence time info to generate a UUID   What are the pros and cons of using each   I know uuid1   can have privacy concerns  since it s based off of machine-information   I wonder if there s any more subtle when choosing one or the other   I just use uuid4   right now  since it s a completely random UUID   But I wonder if I should be using uuid1 to lessen the risk of collisions   Basically  I m looking for people s tips for best-practices on using one vs  the other   Thanks

User · Answer

Perhaps something that s not been mentioned is that of locality    A MAC address or time-based ordering  UUID1  can afford increased database performance  since it s less work to sort numbers closer-together than those distributed randomly  UUID4   see here    A second related issue  is that using UUID1 can be useful in debugging  even if origin data is lost or not explicitly stored  this is obviously in conflict with the privacy issue mentioned by the OP

User · Answer

One instance when you may consider uuid1   rather than uuid4   is when UUIDs are produced on separate machines  for example when multiple online transactions are process on several machines for scaling purposes   In such a situation  the risks of having collisions due to poor choices in the way the pseudo-random number generators are initialized  for example  and also the potentially higher numbers of UUIDs produced render more likely the possibility of creating duplicate IDs   Another interest of uuid1    in that case is that the machine where each GUID was initially produced is implicitly recorded  in the  node  part of UUID    This and the time info  may help if only with debugging

User · Answer

One thing to note when using uuid1  if you use the default call  without giving clock seq parameter  you have a chance of running into collisions  you have only 14 bit of randomness  generating 18 entries within 100ns gives you roughly 1  chance of a collision see birthday paradox attack   The problem will never occur in most use cases  but on a virtual machine with poor clock resolution it will bite you

User · Answer

uuid1   is guaranteed to not produce any collisions  under the assumption you do not create too many of them at the same time   I wouldn t use it if it s important that there s no connection between the uuid and the computer  as the mac address gets used to make it unique across computers   You can create duplicates by creating more than 214 uuid1 in less than 100ns  but this is not a problem for most use cases   uuid4   generates  as you said  a random UUID  The chance of a collision is really  really  really small  Small enough  that you shouldn t worry about it  The problem is  that a bad random-number generator makes it more likely to have collisions   This excellent answer by Bob Aman sums it up nicely   I recommend reading the whole answer       Frankly  in a single application space   without malicious actors  the   extinction of all life on earth will   occur long before you have a   collision  even on a version 4 UUID    even if you re generating quite a few   UUIDs per second

User · Answer

In addition to the accepted answer  there s a third option that can be useful in some cases   v1 with random MAC   v1mc    You can make a hybrid between v1  amp  v4 by deliberately generating v1 UUIDs with a random broadcast MAC address  this is allowed by the v1 spec   The resulting v1 UUID is time dependant  like regular v1   but lacks all host-specific information  like v4   It s also much closer to v4 in it s collision-resistance  v1mc   60 bits of time   61 random bits   121 unique bits  v4   122 random bits   First place I encountered this was Postgres  uuid generate v1mc   function  I ve since used the following python equivalent   from os import urandom from uuid import uuid1  int from bytes   int from bytes    py3 only  def uuid1mc          NOTE  The constant here is required by the UUIDv1 spec        return uuid1  int from bytes urandom 6    big     0x010000000000     note  I ve got a longer   faster version that creates the UUID object directly  can post if anyone wants     In case of LARGE volumes of calls second  this has the potential to exhaust system randomness   You could use the stdlib random module instead  it will probably also be faster   But BE WARNED  it only takes a few hundred UUIDs before an attacker can determine the RNG state  and thus partially predict future UUIDs    import random from uuid import uuid1  def uuid1mc insecure        return uuid1 random getrandbits 48    0x010000000000

User · Answer

My team just ran into trouble using UUID1 for a database upgrade script where we generated  120k UUIDs within a couple of minutes  The UUID collision led to violation of a primary key constraint   We ve upgraded 100s of servers but on our Amazon EC2 instances we ran into this issue a few times  I suspect poor clock resolution and switching to UUID4 solved it for us

[python] When should I use uuid.uuid1() vs. uuid.uuid4() in python?

Examples related to python

Examples related to uuid