Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

7
  • 1
    Aren't v4 UUIDs generated from a cryptographically strong PRNG through, making them appropriately random? Commented Dec 14, 2015 at 13:59
  • 5
    @Escher The specification "strongly recommends" a cryptographically secure RNG, but does not forbid to use a non-secure one. Commented Dec 14, 2015 at 19:40
  • 1
    Note on UUID vs. CSPRNG: Best of both words would be generating the number with a CSPRNG and then making it an UUID v4 via bit mask. Commented Dec 15, 2015 at 10:29
  • 3
    An extended discussion on these points should go to DBA.SE but from a DBA's PoV UUIDs can be problematical. In their natural form they are bad candidates for clustered keys, leading to much excess fragmentation. The "Sequental UUIDs" compromise in SQL Server fixes this but recreates the key guessing problem. Their size can also be more of an issue then some assume: as well as 12 extra bytes per row in data (when compared to a 32-bit integer key) there is 12 extra bytes per row on relevant indexes (and 12 per row on all indexes if your clustering key in a UUID). Commented Dec 15, 2015 at 11:53
  • 1
    @David Spillett, the answer to that is "don't cluster on a UUID." Key indexes do not have to be clustered indexes. Commented Dec 16, 2015 at 1:29