Tom M. wrote:
On Apr 3, 2006, at 10:40 PM, Doug D. wrote:
It seems that there is a small probability of collisions among uuid’s
produced by uuidtools’ UUID.random_create() running in concurrent user
processes on a host (fcgi)? The ~2 bytes extracted from the randomized
clock_sequence make a collision unlikely.
It also relies on true_random, which it claims is a very good random
number generator “much, much better than the built-in pseudorandom
The concern is that “only” 14 bits of this true_random (assigned to
clock_sequence) is used. The probability of collisions in a fcgi
configuration is a little too likely. Plus the potential MAC issue, an
exception code better be in place to re-generate uuid’s.
It would be better if uuidtools’ code were run in the kernel space,
rather than the user. Or, it embeds a PID in uuid’s.
Another approach is to get uuid’s from a database, i.e. MySQL’s UUID(),
as long as one DB server runs on a host, effectively making the DB
server the kernel for all its client processes. However, if MySQL forks
a user process for each client, not create a pthread, we’re back to
square one. Is this the case? Any other downsides?