Women in Technology

Hear us Roar



Article:
  Don't Let Hibernate Steal Your Identity
Subject:   Uniqueness and UUID
Date:   2006-09-14 10:18:56
From:   icarr
Your second statement of requirements for the properties of an id was:


Is guaranteed unique, even across different VMs and different machines.


However as I understand it most implementation of UUID generator don't actually provide this?


In the article the randomUUID function from the 1.5 jre has in the javadoc


"The UUID is generated using a cryptographically strong pseudo random number generator."


hence two implementations could theoretically generate the same random number with the posible but unlikely outcome that across two systems or VM's on the same system we could generate the same UUID at the same moment in time.


Some implementations use the MAC address to 'spacially' separate machines, but two VM's on the same machine would have the same MAC. I presumably need to add in the PID (processID) to really separate the individual VM's. Unfortunately I can't obtain either of these pieces of information directly from within Java (JNI to the operating system seems to be a requirement?).


Have you come across an implementation that is absolutely guaranteed not to duplicate UID's making them truly UUID's?


I need to be able to generate keys on disconnected machines with an absolute guarantee that they will not duplicate when combined together in a central solution.

Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • Uniqueness and UUID
    2006-09-14 11:21:05  jbrundege [View]

    I believe the JUG library Time-based UUID does what you want. It uses the MAC Address and a timestamp, but it uses the filesystem to synchronize the timestamp between all JVM's operating on the same machine.

    In case anyone is wondering how a random-based UUID can be considered unique, the random portion of the number is 14 bytes (I believe 2 bytes are reserved to indicate the type of UUID). That's 2^112 combinations. Calculating the odds of a collision is complex math (any takers?), but let's just say the odds are astronomically low. If you wrote a program that did nothing but generate random-based UUIDs, one per millisecond, the time to the first collision would probably be measured in thousands (if not millions) of years! You have to judge for your own requirements, but for most common uses a random-based UUID is absolutely safe, and will never result in a collision.

    James