On Tue, 23 Feb 2016 05:48 am, Marko Rauhamaa wrote: > Jon Ribbens <jon+use...@unequivocal.co.uk>: > >> I was under the impression that the point of UUIDs is that you can be >> *so* confident that there won't be a collision that for all practical >> purposes it's indistinguishable from being certain. > > Yes, if you generate a random 128-bit number, it will be unique --
If you generate a second random 128 bit number, you have a chance of 1 in 2**128 of a collision. All you can say is that it will be *very probably* unique. (I might even allow "almost certainly" unique.) If you generate 2**128 + 1 such numbers, you are *guaranteed* to have at least one collision. If I can arrange matters so that I am using the same seed as you, then I can generate the same UUIDs as you. If I know you are using the Mersenne Twister PRNG, and I can get hold of (by memory) 128 consecutive UUIDs, I can reconstruct the seed you are using and generate all future (and past) UUIDs the same as yours. (Well, when I say "I can", I don't mean *me*, I mean some attacker who is smarter than me, but not that much smarter.) > unless someone clones it. > > Cloning will be a practical issue when you clone virtual machines, for > example. This is certainly a practical issue that people have to be aware of. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
