How unique is UUID?

Question

How safe is it to use UUID to uniquely identify something (I'm using it for files uploaded to the server)? As I understand it, it is based on random numbers. However, it seems to me that given enough time, it would eventually repeat itself, just by pure chance. Is there a better system or a pattern of some type to alleviate this issue?

User · Answer

I don't know if this matters to you, but keep in mind that GUIDs are globally unique, while substrings of GUIDs aren't.
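To make the point about substrings concrete, here is a minimal sketch in JavaScript (Node.js assumed). The helper name `countPrefixCollisions` is made up for this illustration. It truncates each ID to its first few hex digits and counts how many truncated values were already seen. An 8-digit prefix carries only 32 bits, so repeats typically show up after some tens of thousands of IDs, whereas the full value of a version 4 UUID carries 122 random bits.

```javascript
const { randomUUID } = require("crypto"); // built-in version 4 generator in recent Node.js releases

// Hypothetical helper: count IDs whose first `hexDigits` hex characters
// (dashes ignored) repeat a prefix that was already seen.
function countPrefixCollisions(ids, hexDigits) {
  const seen = new Set();
  let collisions = 0;
  for (const id of ids) {
    const prefix = id.replace(/-/g, "").slice(0, hexDigits);
    if (seen.has(prefix)) {
      collisions += 1;
    } else {
      seen.add(prefix);
    }
  }
  return collisions;
}

const ids = Array.from({ length: 200000 }, () => randomUUID());
console.log("full UUID collisions:", countPrefixCollisions(ids, 32));
console.log("8-hex-digit prefix collisions:", countPrefixCollisions(ids, 8));
```

The second count varies from run to run because the IDs are random, but with 200,000 IDs it is usually a handful rather than zero.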

User · Answer

The answer to this may depend largely on the UUID version.

Many UUID generators use a version 4 random number. However, many of these use a pseudo-random number generator (PRNG) to generate them. If a poorly seeded PRNG with a small period is used to generate the UUID, I would say it's not very safe at all. Some random number generators also have poor variance, i.e. they favour certain numbers more often than others. This isn't going to work well.

Therefore, it's only as safe as the algorithms used to generate it.

On the flip side, if you know the answer to these questions, then I think a version 4 UUID should be very safe to use. In fact, I'm using it to identify blocks on a network block file system and so far have not had a clash.

In my case, the PRNG I'm using is a Mersenne Twister, and I'm being careful with the way it's seeded, which is from multiple sources including /dev/urandom. Mersenne Twister has a period of 2^19937 - 1. It's going to be a very, very long time before I see a repeat UUID.

So pick a good library, or generate it yourself and make sure you use a decent PRNG algorithm.
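As an illustration of relying on a well-seeded source, here is a minimal sketch (Node.js assumed). It is not the Mersenne Twister setup described above: it swaps in the operating system's cryptographic generator via `crypto.randomBytes`, then sets the version and variant bits that mark a version 4 UUID. The function name `uuidV4FromCsprng` is an assumption made for this example.

```javascript
const { randomBytes } = require("crypto");

// Sketch: build a version 4 UUID from 16 bytes of OS-provided randomness.
function uuidV4FromCsprng() {
  const bytes = randomBytes(16);
  bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4 in the high nibble of byte 6
  bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant bits "10" at the top of byte 8
  const hex = bytes.toString("hex");
  return [
    hex.slice(0, 8),
    hex.slice(8, 12),
    hex.slice(12, 16),
    hex.slice(16, 20),
    hex.slice(20),
  ].join("-");
}

console.log(uuidV4FromCsprng());
```

In practice a maintained library or the platform's own generator is likely the safer choice; the sketch only shows where the randomness enters.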

User · Answer

UUID schemes generally use not only a pseudo-random element, but also the current system time, and some sort of often-unique hardware ID if available, such as a network MAC address.

The whole point of using UUID is that you trust it to do a better job of providing a unique ID than you yourself would be able to do. This is the same rationale behind using a 3rd party cryptography library rather than rolling your own. Doing it yourself may be more fun, but it's typically less responsible to do so.

User · Answer

Quoting from Wikipedia: "Thus, anyone can create a UUID and use it to identify something with reasonable confidence that the identifier will never be unintentionally used by anyone for anything else."

It goes on to explain in pretty good detail how safe it actually is. So to answer your question: yes, it's safe enough.

User · Answer

There is more than one type of UUID, so "how safe" depends on which type (which the UUID specifications call "version") you are using.

Version 1 is the time-based plus MAC address UUID. The 128 bits contain 48 bits for the network card's MAC address (which is uniquely assigned by the manufacturer) and a 60-bit clock with a resolution of 100 nanoseconds. That clock wraps in 3603 A.D., so these UUIDs are safe at least until then (unless you need more than 10 million new UUIDs per second or someone clones your network card). I say "at least" because the clock starts at 15 October 1582, so you have about 400 years after the clock wraps before there is even a small possibility of duplications.

Version 4 is the random number UUID. There are six fixed bits and the rest of the UUID is 122 bits of randomness. See Wikipedia or other analyses that describe how very unlikely a duplicate is.

Version 3 uses MD5 and Version 5 uses SHA-1 to create those 122 bits, instead of a random or pseudo-random number generator. So in terms of safety it is like Version 4 being a statistical issue (as long as you make sure that what the digest algorithm is processing is always unique).

Version 2 is similar to Version 1, but with a smaller clock, so it is going to wrap around much sooner. But since Version 2 UUIDs are for DCE, you shouldn't be using these.

So for all practical problems they are safe. If you are uncomfortable with leaving it up to probabilities (e.g. you are the type of person worried about the earth getting destroyed by a large asteroid in your lifetime), just make sure you use a Version 1 UUID and it is guaranteed to be unique (in your lifetime, unless you plan to live past 3603 A.D.).

So why doesn't everyone simply use Version 1 UUIDs? That is because Version 1 UUIDs reveal the MAC address of the machine they were generated on, and they can be predictable: two things which might have security implications for the application using those UUIDs.
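To show what a Version 1 UUID gives away, here is a minimal sketch (Node.js assumed) that reads the version digit and, for Version 1, unpacks the 60-bit timestamp and the 48-bit node field. The function name `inspectUuid` and the sample UUID are made up for this illustration; the sample was built by hand so that its timestamp equals the Unix epoch. Note that the node field is not always a real MAC address, since some generators substitute random bits.

```javascript
// Number of 100 ns ticks between 1582-10-15 (the UUID epoch) and 1970-01-01 (the Unix epoch).
const GREGORIAN_TO_UNIX_TICKS = 0x01b21dd213814000n;

// Hypothetical helper: report the version and, for Version 1, the embedded time and node.
function inspectUuid(uuid) {
  const [timeLow, timeMid, timeHiAndVersion, , node] = uuid.toLowerCase().split("-");
  const version = parseInt(timeHiAndVersion[0], 16);
  if (version !== 1) {
    return { version };
  }
  // The timestamp is stored low field first; reassemble it as hi | mid | low.
  const ticks =
    ((BigInt("0x" + timeHiAndVersion) & 0x0fffn) << 48n) |
    (BigInt("0x" + timeMid) << 32n) |
    BigInt("0x" + timeLow);
  const unixMillis = Number((ticks - GREGORIAN_TO_UNIX_TICKS) / 10000n);
  return {
    version,
    generatedAt: new Date(unixMillis).toISOString(),
    node: node.match(/../g).join(":"),
  };
}

console.log(inspectUuid("13814000-1dd2-11b2-8000-001122334455"));
```

Anyone holding such an ID can recover when it was created and on which node, which is the privacy and predictability concern raised above.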

User · Answer

Been doing it for years. Never run into a problem.

I usually set up my DBs to have one table that contains all the keys and the modified dates and such. Haven't run into a problem of duplicate keys ever.

The only drawback is that when you are writing queries to find some information quickly, you are doing a lot of copying and pasting of the keys. You don't have the short, easy-to-remember IDs anymore.

User · Answer

If by "given enough time" you mean 100 years and you're creating them at a rate of a billion a second, then yes, you have a 50% chance of having a collision after 100 years.
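As a rough check of that figure, here is a small sketch using the standard birthday approximation p ≈ 1 - exp(-n^2 / (2 * 2^bits)), assuming 122 uniformly random bits per UUID. The function names are made up for this example. Under those assumptions the 50% point comes out at roughly 2.7e18 UUIDs, which at a billion per second is on the order of 86 years, the same order of magnitude as the 100 years quoted above.

```javascript
const RANDOM_BITS = 122; // random bits in a version 4 UUID

// Birthday approximation: probability of at least one collision among n random IDs.
function collisionProbability(n, bits = RANDOM_BITS) {
  return -Math.expm1(-(n * n) / (2 * Math.pow(2, bits)));
}

// Inverse of the approximation: how many IDs until the collision probability reaches p.
function idsForProbability(p, bits = RANDOM_BITS) {
  return Math.sqrt(-2 * Math.pow(2, bits) * Math.log1p(-p));
}

const SECONDS_PER_YEAR = 365.25 * 24 * 3600;
const idsForEvenOdds = idsForProbability(0.5);
const yearsAtBillionPerSecond = idsForEvenOdds / 1e9 / SECONDS_PER_YEAR;

console.log("UUIDs needed for a 50% collision chance:", idsForEvenOdds.toExponential(2));
console.log("years at one billion per second:", yearsAtBillionPerSecond.toFixed(0));
```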

User · Answer

Here's a testing snippet for you to test its uniqueness, inspired by @scalabl3's comment:

"Funny thing is, you could generate 2 in a row that were identical, of course at mind-boggling levels of coincidence, luck and divine intervention, yet despite the unfathomable odds, it's still possible! :D Yes, it won't happen. Just saying for the amusement of thinking about that moment when you created a duplicate! Screenshot video!" (scalabl3, Oct 20 '15 at 19:11)

If you feel lucky, check the checkbox; it then only compares the two currently generated IDs. If you wish a history check, leave it unchecked. Please note, you might run out of RAM at some point if you leave it unchecked. I tried to make it CPU friendly so you can abort quickly when needed: just hit the run snippet button again or leave the page.

    Math.log2 = Math.log2 || function(n) { return Math.log(n) / Math.log(2); };

    Math.trueRandom = (function() {
      var crypt = window.crypto || window.msCrypto;

      if (crypt && crypt.getRandomValues) {
          // if we have a crypto library, use it
          var random = function(min, max) {
              var rval = 0;
              var range = max - min;
              if (range < 2) {
                  return min;
              }

              var bits_needed = Math.ceil(Math.log2(range));
              if (bits_needed > 53) {
                  throw new Error("We cannot generate numbers larger than 53 bits.");
              }
              var bytes_needed = Math.ceil(bits_needed / 8);
              var mask = Math.pow(2, bits_needed) - 1;
              // 7776 -> (2^13 = 8192) - 1 == 8191 or 0x00001111 11111111

              // Create byte array and fill with N random numbers
              var byteArray = new Uint8Array(bytes_needed);
              crypt.getRandomValues(byteArray);

              var p = (bytes_needed - 1) * 8;
              for (var i = 0; i < bytes_needed; i++) {
                  rval += byteArray[i] * Math.pow(2, p);
                  p -= 8;
              }

              // Use & to apply the mask and reduce the number of recursive lookups
              rval = rval & mask;

              if (rval >= range) {
                  // Integer out of acceptable range
                  return random(min, max);
              }
              // Return an integer that falls within the range
              return min + rval;
          };
          return function() {
              var r = random(0, 1000000000) / 1000000000;
              return r;
          };
      } else {
          // From http://baagoe.com/en/RandomMusings/javascript/
          // Johannes Baagøe <baagoe@baagoe.com>, 2010
          function Mash() {
              var n = 0xefc8249d;

              var mash = function(data) {
                  data = data.toString();
                  for (var i = 0; i < data.length; i++) {
                      n += data.charCodeAt(i);
                      var h = 0.02519603282416938 * n;
                      n = h >>> 0;
                      h -= n;
                      h *= n;
                      n = h >>> 0;
                      h -= n;
                      n += h * 0x100000000; // 2^32
                  }
                  return (n >>> 0) * 2.3283064365386963e-10; // 2^-32
              };

              mash.version = 'Mash 0.9';
              return mash;
          }

          // From http://baagoe.com/en/RandomMusings/javascript/
          function Alea() {
              return (function(args) {
                  // Johannes Baagøe <baagoe@baagoe.com>, 2010
                  var s0 = 0;
                  var s1 = 0;
                  var s2 = 0;
                  var c = 1;

                  if (args.length == 0) {
                      args = [+new Date()];
                  }
                  var mash = Mash();
                  s0 = mash(' ');
                  s1 = mash(' ');
                  s2 = mash(' ');

                  for (var i = 0; i < args.length; i++) {
                      s0 -= mash(args[i]);
                      if (s0 < 0) {
                          s0 += 1;
                      }
                      s1 -= mash(args[i]);
                      if (s1 < 0) {
                          s1 += 1;
                      }
                      s2 -= mash(args[i]);
                      if (s2 < 0) {
                          s2 += 1;
                      }
                  }
                  mash = null;

                  var random = function() {
                      var t = 2091639 * s0 + c * 2.3283064365386963e-10; // 2^-32
                      s0 = s1;
                      s1 = s2;
                      return s2 = t - (c = t | 0);
                  };
                  random.uint32 = function() {
                      return random() * 0x100000000; // 2^32
                  };
                  random.fract53 = function() {
                      return random() +
                          (random() * 0x200000 | 0) * 1.1102230246251565e-16; // 2^-53
                  };
                  random.version = 'Alea 0.9';
                  random.args = args;
                  return random;

              }(Array.prototype.slice.call(arguments)));
          }
          return Alea();
      }
    }());

    // Version 4 style GUID: 'x' is a random hex digit, 'y' is one of 8, 9, a, b
    Math.guid = function() {
        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
            var r = Math.trueRandom() * 16 | 0,
                v = c == 'x' ? r : (r & 0x3 | 0x8);
            return v.toString(16);
        });
    };

    function logit(item1, item2) {
        console.log("Do " + item1 + " and " + item2 + " equal? " + (item1 == item2 ? "OMG! take a screenshot and you'll be epic on the world of cryptography, buy a lottery ticket now!" : "No they do not. shame. no fame") + ", runs: " + window.numberofRuns);
    }

    numberofRuns = 0;
    function test() {
        window.numberofRuns++;
        var x = Math.guid();
        var y = Math.guid();
        var test = x == y || historyTest(x, y);

        logit(x, y);
        return test;
    }

    historyArr = [];
    historyCount = 0;
    function historyTest(item1, item2) {
        if (window.luckyDog) {
            return false;
        }
        // Compare both new IDs against every ID generated so far
        for (var i = historyCount - 1; i > -1; i--) {
            logit(item1, window.historyArr[i]);
            if (item1 == window.historyArr[i]) {
                return true;
            }
            logit(item2, window.historyArr[i]);
            if (item2 == window.historyArr[i]) {
                return true;
            }
        }
        window.historyArr.push(item1);
        window.historyArr.push(item2);
        window.historyCount += 2;
        return false;
    }

    luckyDog = false;
    document.body.onload = function() {
        document.getElementById('runit').onclick = function() {
            window.luckyDog = document.getElementById('lucky').checked;
            var val = document.getElementById('input').value;
            if (val.trim() == '0') {
                // Run forever, or until a duplicate is found
                var intervaltimer = window.setInterval(function() {
                    var test = window.test();
                    if (test) {
                        window.clearInterval(intervaltimer);
                    }
                }, 0);
            } else {
                var num = parseInt(val);
                if (num > 0) {
                    var intervaltimer = window.setInterval(function() {
                        var test = window.test();
                        num--;
                        if (num < 0 || test) {
                            window.clearInterval(intervaltimer);
                        }
                    }, 0);
                }
            }
        };
    };

    Please input how often the calculation should run. Set to 0 for forever. Check the checkbox if you feel lucky.<BR/>
    <input type="text" value="0" id="input"><input type="checkbox" id="lucky"><button id="runit">Run</button><BR/>

User · Answer

For UUID4 I make it that there are approximately as many IDs as there are grains of sand in a cube-shaped box with sides 369,000 km long. That's a box with sides about 2 1/2 times longer than Jupiter's diameter.

Working, so someone can tell me if I've messed up units:

volume of a grain of sand: 0.00947 mm^3 (Guardian)
UUID4 has 122 random bits -> 5.3e36 possible values (Wikipedia)
volume of that many grains of sand: 5.0191e34 mm^3 or 5.0191e+25 m^3
side length of a cubic box with that volume: 3.69E8 m or 369,000 km
diameter of Jupiter: 139,820 km (Google)
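The working above can be re-run as a short sketch. The grain volume and Jupiter diameter are simply the figures quoted in this answer, not independently checked values, and the variable names are made up for the example. Using 2^122 exactly rather than the rounded 5.3e36 shifts the result only slightly.

```javascript
const GRAIN_VOLUME_MM3 = 0.00947;   // volume of one grain of sand, as quoted above
const JUPITER_DIAMETER_KM = 139820; // as quoted above

const possibleIds = Math.pow(2, 122);                           // random values in a UUID4
const totalVolumeM3 = (possibleIds * GRAIN_VOLUME_MM3) / 1e9;   // 1 m^3 = 1e9 mm^3
const sideKm = Math.cbrt(totalVolumeM3) / 1000;                 // cube side, metres to km
const sideInJupiterDiameters = sideKm / JUPITER_DIAMETER_KM;

console.log("possible values:", possibleIds.toExponential(2));
console.log("cube side in km:", Math.round(sideKm));
console.log("cube side in Jupiter diameters:", sideInJupiterDiameters.toFixed(2));
```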

User · Answer

I concur with the other answers. UUIDs are safe enough for nearly all practical purposes [1], and certainly for yours.

But suppose (hypothetically) that they aren't.

"Is there a better system or a pattern of some type to alleviate this issue?"

Here are a couple of approaches:

Use a bigger UUID. For instance, instead of 128 random bits, use 256 or 512 or ... Each bit you add to a type-4 style UUID will reduce the probability of a collision by a half, assuming that you have a reliable source of entropy [2].

Build a centralized or distributed service that generates UUIDs and records each and every one it has ever issued. Each time it generates a new one, it checks that the UUID has never been issued before. Such a service would be technically straightforward to implement (I think) if we assumed that the people running the service were absolutely trustworthy, incorruptible, etcetera. Unfortunately, they aren't ... especially when there is the possibility of governments' security organizations interfering. So, this approach is probably impractical, and may be [3] impossible in the real world.

[1] If uniqueness of UUIDs determined whether nuclear missiles got launched at your country's capital city, a lot of your fellow citizens would not be convinced by "the probability is extremely low". Hence my "nearly all" qualification.

[2] And here's a philosophical question for you: Is anything ever truly random? How would we know if it wasn't? Is the universe as we know it a simulation? Is there a God who might conceivably "tweak" the laws of physics to alter an outcome?

[3] If anyone knows of any research papers on this problem, please comment.
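Both approaches can be sketched in a few lines (Node.js assumed). Everything here is hypothetical and for illustration only: `randomId` draws a wider identifier from the OS random source, and `IssuedIdRegistry` is a single-process, in-memory stand-in for the issuing service, with none of the persistence, distribution or trust properties a real service would need.

```javascript
const { randomBytes } = require("crypto");

// Approach 1: a wider random identifier (bits must be a multiple of 8).
function randomId(bits = 256) {
  return randomBytes(bits / 8).toString("hex");
}

// Approach 2: remember every ID ever issued and retry on a repeat.
class IssuedIdRegistry {
  constructor(generate = () => randomId(256)) {
    this.generate = generate; // injectable so the retry path can be exercised
    this.issued = new Set();
  }

  issue() {
    let id = this.generate();
    while (this.issued.has(id)) {
      id = this.generate(); // already handed out: draw again
    }
    this.issued.add(id);
    return id;
  }
}

const registry = new IssuedIdRegistry();
console.log(registry.issue());
console.log(registry.issue());
```

The registry makes duplicates impossible within one process, at the cost of storing every ID forever, which hints at why the answer calls the full-scale version impractical.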

User · Answer

Very safe:

"the annual risk of a given person being hit by a meteorite is estimated to be one chance in 17 billion, which means the probability is about 0.00000000006 (6 × 10^-11), equivalent to the odds of creating a few tens of trillions of UUIDs in a year and having one duplicate. In other words, only after generating 1 billion UUIDs every second for the next 100 years, the probability of creating just one duplicate would be about 50%."

Caveat:

"However, these probabilities only hold when the UUIDs are generated using sufficient entropy. Otherwise, the probability of duplicates could be significantly higher, since the statistical dispersion might be lower. Where unique identifiers are required for distributed applications, so that UUIDs do not clash even when data from many devices is merged, the randomness of the seeds and generators used on every device must be reliable for the life of the application. Where this is not feasible, RFC4122 recommends using a namespace variant instead."

Source: the "Random UUID probability of duplicates" section of the Wikipedia article on Universally unique identifiers (link leads to a revision from December 2016, before editing reworked the section).

Also see the current section on the same subject in the same Universally unique identifier article, "Collisions".
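One reading of the "namespace variant" mentioned in the quote is the name-based UUID (versions 3 and 5), which hashes a namespace UUID together with a name instead of drawing random bits. The following is a minimal sketch of a version 5 generator (Node.js assumed); the function name `uuidV5` is an assumption for this example, while the DNS namespace value is the one predefined in RFC 4122.

```javascript
const { createHash } = require("crypto");

const NAMESPACE_DNS = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"; // predefined in RFC 4122

// Sketch: SHA-1 over (namespace bytes + name), truncated to 16 bytes,
// with the version and variant bits overwritten.
function uuidV5(namespace, name) {
  const namespaceBytes = Buffer.from(namespace.replace(/-/g, ""), "hex");
  const digest = createHash("sha1").update(namespaceBytes).update(name, "utf8").digest();
  const bytes = digest.subarray(0, 16);
  bytes[6] = (bytes[6] & 0x0f) | 0x50; // version 5
  bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant bits "10"
  const hex = bytes.toString("hex");
  return [
    hex.slice(0, 8),
    hex.slice(8, 12),
    hex.slice(12, 16),
    hex.slice(16, 20),
    hex.slice(20),
  ].join("-");
}

console.log(uuidV5(NAMESPACE_DNS, "example.com"));
console.log(uuidV5(NAMESPACE_DNS, "example.com")); // same input, same UUID
```

Because the result depends only on the inputs, uniqueness rests on the names being unique within the namespace rather than on the quality of a random source.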
