
How good is Java's UUID.randomUUID?

Tags: java, uuid

I know that randomized UUIDs have a very, very, very low probability of collision in theory, but I am wondering, in practice, how good Java's randomUUID() is in terms of not having collisions? Does anybody have any experience to share?

Alvin asked Mar 25 '10 06:03


People also ask

Is UUID randomUUID secure?

Well, the source code shows UUID.randomUUID uses SecureRandom. As you can see, you can use either, but in a secure UUID you have 6 non-random bits, which can be considered a disadvantage if you are picky.

What is UUID randomUUID?

Randomly generated UUID: In Java, the randomUUID() static method is used to generate a random UUID. The method internally uses the SecureRandom class, which provides a cryptographically strong random number generator. Every UUID is associated with a version number. The version number describes how the UUID was generated.

How likely is a UUID collision?

A collision is possible but the total number of unique keys generated is so large that the possibility of a collision is almost zero. As per Wikipedia, the number of UUIDs generated to have at least 1 collision is 2.71 quintillion. This is equivalent to generating around 1 billion UUIDs per second for about 85 years.

Has a UUID collision ever happened?

The principle doesn't change, UUID generation is really random, meaning you can consider the generation of UUIDs to be independent events from one another. In other words, creating UUIDs from different computers does not change anything, it is incredibly unlikely that a collision will occur.


1 Answer

UUID uses java.security.SecureRandom, which is supposed to be "cryptographically strong". While the actual implementation is not specified and can vary between JVMs (meaning that any concrete statements made are valid only for one specific JVM), it does mandate that the output must pass a statistical random number generator test.

It's always possible for an implementation to contain subtle bugs that ruin all this (see OpenSSH key generation bug) but I don't think there's any concrete reason to worry about Java UUIDs' randomness.

Michael Borgwardt answered Sep 18 '22 13:09
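An added example, not part of the original answer or of the JDK: it checks that `UUID.randomUUID()` output has the version-4 layout (leaving 122 random bits after the 6 fixed ones noted above) and evaluates the standard birthday-bound approximation for that space. The class name `RandomUuidCheck`, the helper names and the sample size are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;

public class RandomUuidCheck {
    // A version-4 UUID fixes 4 version bits and 2 variant bits: 122 random bits remain.
    static final int RANDOM_BITS = 128 - 4 - 2;

    // Birthday-bound approximation: p ~= 1 - exp(-n^2 / (2 * 2^bits)).
    // expm1 keeps precision when the probability is far below double epsilon.
    static double collisionProbability(double n, int bits) {
        double space = Math.pow(2.0, bits);
        return -Math.expm1(-(n * n) / (2.0 * space));
    }

    // Inverse of the formula above: draws needed to reach collision probability p.
    static double drawsForProbability(double p, int bits) {
        return Math.sqrt(2.0 * Math.pow(2.0, bits) * -Math.log1p(-p));
    }

    public static void main(String[] args) {
        int sample = 200_000; // constructed sample size, small enough for a default heap
        Set<UUID> seen = new HashSet<>(sample * 2);
        int duplicates = 0;
        for (int i = 0; i < sample; i++) {
            UUID u = UUID.randomUUID();
            // Structural check: version 4 (random) and variant 2 (RFC 4122 layout).
            if (u.version() != 4 || u.variant() != 2) {
                throw new IllegalStateException("unexpected UUID layout: " + u);
            }
            if (!seen.add(u)) {
                duplicates++;
            }
        }
        System.out.printf("generated=%d duplicates=%d%n", sample, duplicates);
        System.out.printf("p(collision) at 1e9 UUIDs  = %.3e%n",
                collisionProbability(1e9, RANDOM_BITS));
        System.out.printf("p(collision) at 1e12 UUIDs = %.3e%n",
                collisionProbability(1e12, RANDOM_BITS));
        System.out.printf("UUIDs for 50%% collision    = %.3e%n",
                drawsForProbability(0.5, RANDOM_BITS));
    }
}
```

A run with zero duplicates confirms only the layout and the absence of gross failure; it cannot detect a weakly seeded generator, which is the kind of implementation bug the answer warns about. The probabilities hold only if the JVM's `SecureRandom` is properly seeded on the host.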