3

The documentation of Data::UUID states that

A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE.

The documentation for APR::UUID describes the generated identifiers as random.

Does this mean that the GUIDs created by APR::UUID are not guaranteed to be unique?

Pencho Ilchev
  • 3,201
  • 18
  • 21
  • 1
    Some research to give people who want to answer a headstart: When the documentation says “random”, it means [Version 4 UUIDs](http://enwp.org/UUID#Version_4_.28random.29). On Unix, this is implemented through libuuid, see `misc/unix/rand.c` in the [APR](http://apr.apache.org/) source. – daxim Dec 12 '11 at 07:48
  • @daxim this answers my question with the exact level of detail that I needed. Thanks – Pencho Ilchev Dec 12 '11 at 13:40

2 Answers2

3

The Wikipedia articles on UUIDs and GUIDs are instructive here.

UUIDs are random but drawn from such a large distribution that the probabilities of collisions are miniscule, where in this context miniscule means that you are likely to be struck by thousands of asteroids before you generate two identical UUIDs.

GUIDs are mostly random but also incorporate some deterministic but unique data to your system, such as the MAC address of your network hardware and the current time, so that collisions between a GUID created on another system are even less likely.

mob
  • 117,087
  • 18
  • 149
  • 283
  • thanks for the links, however, my question is about the APR::UUID implementation, i.e. does it rely on the negligible probability of the same number being generated randomly twice or guarantees uniqueness by utilizing some algorithm. – Pencho Ilchev Dec 12 '11 at 02:56
  • 1
    Since these are supposed to be *U*niversally or *G*lobally unique, it's impossible guarantee uniqueness without having a central server used by everyone in the universe or everyone on the globe. The ids must be generated without such connectivity, so they cannot be guaranteed to be unique. – ikegami Dec 12 '11 at 17:34
  • if you are requiring them to be unique, you cannot rely on this alone, you must handle the logic that ensures uniqueness at the time of generation and checking the DB/Datastore to see if it already exists, to be guaranteed for your implementation. – Quadrivium Jan 26 '21 at 23:36
0

I realise this is an old question, but as I stumbled unto this issue, I thought I would share some observations.

As stated by daxim, APR::UUID uses libuuid. However, in at least some implementations, libuuid does not generate a random (v4) UUID, but a v1 UUID (based on MAC address and timestamp). These are really unique (as long as your MAC address is indeed unique), but they leek information (your MAC address and the time the UUID was generated) and may be at least somewhat predictable.

If the UUID generation code is spec-compliant, you can find out which version of UUID is generated by looking at the first digit of the 3 group. v1 UUIDs are not random but predictable. v4 UUIDs are random and (supposedly) unpredictable.

jcaron
  • 17,302
  • 6
  • 32
  • 46