On Fri, Feb 11, 2011 at 5:51 PM, Tim Graham <timogra...@gmail.com> wrote: > Tom, > > That definitely seems reasonable to me. Seems like the risk of key > collision is low enough that we shouldn't have to loop at all? My > only concern regarding uui4 is the risk of collision with multiple web > servers. From what I've read uuid1 would prevent that. That being > said, I'm not an expert on this, so if there's anyone who could weigh > in and ensure we're not overlooking something that would be a big > plus. > > Tim >
UUID-1 is simply the concatenation of (one of) the computer's MAC addresses and a time counter from a known point. Since the format is known, if you know one UUID-1, you can derive the MAC address, and it is then trivial to predict the UUIDs that would be generated. Probably a bad idea for session keys! The purpose for generating identifiable UUIDs like these are to allow an organization to generate UUIDs that clearly belong to them, and can be "well known". Versions 2,3 and 5 are built using similar algorithms, and so aren't particularly opaque. Only version 4 UUIDs contain random data. Each UUID contains its version number, so a UUID-4 won't ever collide with a UUID-1. I'll update the patch on the ticket to remove the loop (which was the smelly bit of the code anyway!) Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
