Universally unique identifier

A Universally Unique Identifier (UUID) is an identifier standard used in software construction, standardized by the Open Software Foundation (OSF) as part of the Distributed Computing Environment (DCE). The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination. Thus, anyone can create a UUID and use it to identify something with reasonable confidence that the identifier will never be unintentionally used by anyone for anything else. Information labeled with UUIDs can therefore be later combined into a single database without needing to resolve name conflicts. The most widespread use of this standard is in Microsoft's Globally Unique Identifiers (GUIDs). Other significant uses include Linux's ext2/ext3 filesystem, LUKS encrypted partitions, GNOME, KDE, and Mac OS X, all of which use implementations derived from the uuid library found in the e2fsprogs package.

UUIDs are documented as part of ISO/IEC 11578:1996 "Information technology – Open Systems Interconnection – Remote Procedure Call (RPC)" and more recently in ITU-T Rec. X.667 | ISO/IEC 9834-8:2005. The IETF has published Proposed Standard RFC 4122 that is technically equivalent with ITU-T Rec. X.667 | ISO/IEC 9834-8.

Definition

A UUID is a 16-byte (128-bit) number. The number of theoretically possible UUIDs is therefore about 3 × 10³⁸. In its canonical form, a UUID consists of 32 hexadecimal digits, displayed in 5 groups separated by hyphens, in the form 8-4-4-4-12 for a total of 36 characters (32 digits and 4 hyphens). For example:

550e8400-e29b-41d4-a716-446655440000

A UUID may also be used with a specific identifier intentionally used repeatedly to identify the same thing in different contexts. For example, in Microsoft's Component Object Model, every component must implement the IUnknown interface, which is done by creating a UUID representing IUnknown. In all cases wherever IUnknown is used, whether it is being used by a process trying to access the IUnknown interface in a component, or by a component implementing the IUnknown interface, it is always referenced by the same identifier: 00000000-0000-0000-C000-000000000046.

Version 1 (MAC address)

Conceptually, the original (version 1) generation scheme for UUIDs was to concatenate the UUID version with the MAC address of the computer that is generating the UUID, and with the number of 100-nanosecond intervals since the adoption of the Gregorian calendar in the West. In practice, the actual algorithm is more complicated. This scheme has been criticized in that it is not sufficiently "opaque"; it reveals both the identity of the computer that generated the UUID and the time at which it did so.

Version 2 (DCE Security)

Version 2 UUIDs are similar to Version 1 UUIDs, with the upper byte of the clock sequence replaced by the identifier for a "local domain" (typically either the "POSIX UID domain" or the "POSIX GID domain") and the first 4 bytes of the timestamp replaced by the user's POSIX UID or GID (with the "local domain" identifier indicating which it is).^[1]^[2]

Version 3 (MD5 hash)

Version 3 UUIDs use a scheme deriving a UUID via MD5 from a URL, a fully qualified domain name, an object identifier, a distinguished name (DN as used in Lightweight Directory Access Protocol), or on names in unspecified namespaces. Version 3 UUIDs have the form xxxxxxxx-xxxx-3xxx-xxxx-xxxxxxxxxxxx with hexadecimal digits x.

To determine the version 3 UUID of a given name, the UUID of the namespace, e.g. 6ba7b810-9dad-11d1-80b4-00c04fd430c8 for a domain, is transformed to a string of bytes corresponding to its hexadecimal digits, concatenated with the input name, hashed with MD5 yielding 128 bits. Six bits are replaced by fixed values, four of these bits indicate the version, 0011 for version 3. Finally the fixed hash is transformed back into the hexadecimal form with hyphens separating the parts relevant in other UUID versions.

Version 4 (random)

Version 4 UUIDs use a scheme relying only on random numbers. This algorithm sets the version number as well as two reserved bits. All other bits are set using a random or pseudorandom data source. Version 4 UUIDs have the form xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx with hexadecimal digits x and hexadecimal digits 8, 9, A, or B for y. e.g. f47ac10b-58cc-4372-a567-0e02b2c3d479.

Version 5 (SHA-1 hash)

Version 5 UUIDs use a scheme with SHA-1 hashing, otherwise it is the same idea as in version 3. RFC 4122 states that version 5 is preferred over version 3 name based UUIDs. Note that the 160 bit SHA-1 hash is truncated to 128 bits to make the length work out.

Implementations

C: libuuid is part of the e2fsprogs package. The OSSP project provides a UUID library.^[3]
C++: ooid implements a C++ UUID class. QUuid is part of the C++ Qt framework.
CakePHP: CakePHP will automatically generate UUIDs for new records if you specify a table's primary key as data type CHAR(36).^[4]
Cocoa/Carbon: The Core Foundation class CFUUIDRef is used to produce and store UUIDs, as well as to convert them to and from CFString/NSString representations.^[5]
CodeGear RAD Studio (Delphi/C++ Builder): A new GUID can be generated by pressing Ctrl+Shift+G.
ColdFusion: The createUUID() function provides a UUID in all versions, however the format generated is in 4 segments instead of 5 xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx (8-4-4-16).^[6]
Common Lisp: A library is available to create UUIDs (v1, v3, v4 and v5) according to RFC 4122.^[7]
Eiffel: A library is available to create UUIDs Generates uuids according to RFC 4122, Variant 1 0, Version 4. Source available at Eiffel UUID library
Firebird Server: Firebird has gen_uuid() from version 2.1^[8] and uuid_to_char() and char_to_uuid() from version 2.5^[9] as built-in functions.
Free Pascal & Lazarus IDE: In Free Pascal there is a class called TGUID that holds the structure of a UUID. Also in the SysUtils.pas unit there are methods to create, compare and convert UUID's. They are CreateGUID(), GUIDToString() and IsEqualGUID().^[10] In the Lazarus IDE you can also generate a UUID by pressing Ctrl+Shift+G.
Haskell: The package uuid^[11] directly implements most of RFC 4122. The package supports generation (v1, v4 and v5), and serializing to and from string and binary formats. The package system-uuid^[12] provides bindings to the native UUID generators on Windows, Linux and Mac OS X.
Java: The J2SE 5.0 release of Java provides a class that will produce 128-bit UUIDs, although it only implements version 3 and 4 generation methods, not the original method (due to lack of means to access MAC addresses using pure Java). The API documentation for the java.util.UUID class refers to ISO/IEC 11578:1996. Open source implementations supporting MAC addresses on several common operating systems are UUID – generate UUIDs (or GUIDs) in Java , Java Uuid Generator (JUG) and ActiveScript.
Javascript: AF Design provide a javascript class based on random number instead of MAC address. Broofa.com has implemented a JavaScript function which generates version 4 UUIDs as defined in the RFC 4122 specification.
Lasso: A custom tag for Lassoscript by Douglas Burchard, and an LJAPI-module by Steffan A. Cline.
Lua: There is a Lua module by Luiz Henrique de Figueiredo.
MySQL: MySQL provides a UUID() function.^[13]
.NET Framework: The .NET Framework also provides a structure System.Guid to generate and manipulate 128-bit UUIDs.^[14]
Objective Caml (OCaml): The uuidm library implements universally unique identifiers version 3, 5 (name based with MD5, SHA-1 hashing) and 4 (random based) according to RFC 4122.
Oracle Database: The Oracle Database provides a function SYS_GUID() to generate unique identifiers.^[15]
Perl: The Data::UUID and Data::GUID modules from CPAN can be used to create UUIDs.^[16]
PHP: In PHP there are several modules for creating UUIDs.^[17]
PostgreSQL: PostgreSQL contains a uuid data type. Also various generation functions as part of the uuid-ossp contrib module.^[18]
Progress OpenEdge ABL: The GENERATE-UUID function in OpenEdge 10 provides a UUID which can be made printable using the GUID() oder BASE64-ENCODE() functions.^[19]
Python: The uuid module^[20] (included in the standard library since Python 2.5) creates UUIDs to RFC 4122.
Revolution/RunRev: The libUUID library^[21] A library that generates UUIDs of type 1 (time based), type 3 (name-based) and type 4 (random-based). Version 1.0. by Mark Smith. OSL 3.0
Ruby: There are several RFC4122 implementations for Ruby, the most updated ones being Ruby-UUID (fork here), UUID and UUIDTools.
SQL Server: Transact-SQL (2000 and 2005) provides a function called NEWID() to generate uniqueidentifiers. SQL Server 2005 provides an additional function called NEWSEQUENTIALID() which generates a new GUID that is greater than any GUID previously created by the NEWSEQUENTIALID() function on a given computer.
Tcl: A Tcl implementation is provided in the TclLib package.^[22]

Random UUID probability of duplicates

Randomly generated UUIDs like those generated by the java.util.UUID class have 122 random bits. There are 128 bits altogether with 4 bits being used for the version ('Randomly generated UUID'), and 2 bits for the variant ('Leach-Salz'). With random UUIDs, the chance of two having the same value can be calculated using probability theory (Birthday paradox). Using the approximation

p(n)\approx 1-e^{-{\tfrac {n^{2}}{2x}}}

these are the probabilities of an accidental clash after calculating n UUIDs, with x=2¹²²:

n	probability
68,719,476,736 = 2³⁶	0.0000000000000004 (4 × 10⁻¹⁶)
2,199,023,255,552 = 2⁴¹	0.0000000000004 (4 × 10⁻¹³)
70,368,744,177,664 = 2⁴⁶	0.0000000004 (4 × 10⁻¹⁰)

To put these numbers into perspective, one's annual risk of being hit by a meteorite is estimated to be one chance in 17 billion ^[23], that means the probability is about 0.00000000006 (6 × 10⁻¹¹), equivalent to the odds of creating a few tens of trillions of UUIDs in a year and having one duplicate. In other words, only after generating 1 billion UUIDs every second for the next 100 years, the probability of creating just one duplicate would be about 50%. The probability of one duplicate would be about 50% if every person on earth owns 600 million UUIDs.

However, these probabilities only hold when the UUIDs are generated using sufficient entropy. Otherwise the probability of duplicates may be significantly higher, since the statistical dispersion may be lower.

History

The initial design of DCE UUIDs was based on UUIDs as defined in the Network Computing System,^[24] whose design was in turn inspired by the (64-bit) unique identifiers defined and used pervasively in Domain/OS, the operating system designed by Apollo Computer, Inc.

References

^ The Open Group (1997). "CDE 1.1: Remote Procedure Call".
^ The Open Group (1997). "DCE 1.1: Authentication and Security Services".
^ Open Source Software Project. "Universally Unique Identifier (UUID)".
^ "Cake version 1.2 manual".
^ Apple Computer, Inc. "CFUUID Reference".
^ Adobe Systems Inc. "ColdFusion Functions:CreateUUID".
^ Boian Tzonev. "UUID".
^ "Firebird 2.1 Release Notes".
^ "Firebird 2.5 Release Notes".
^ Free Pascal Documentation. "Reference for 'sysutils' unit".
^ Antoine Latter. "uuid".
^ Jason Dusek. "system-uuid".
^ MySQL AB. "MySQL 5.0 Reference Manual".
^ "Guid Structure". MSDN Library.
^ "SYS_GUID". Oracle Database SQL Reference. Oracle Corporation.
^ Signes, Ricardo (16 January 2009). "Data-GUID". CPAN.
^ Holzgraefe, Hartmut (1 April 2008). "uuid". PECL.
^ PostgreSQL Global Development Group. "PostgreSQL 8.3.x Documentation: UUID Type".
^ http://www.psdn.com/library/servlet/KbServlet/download/1927-102-2537/dvref.pdf
^ "Python Library Reference: uuid".
^ "Revolution Stuff: libUUID".
^ "Tcl Standard Library: uuid".
^ Old Farmer's Almanac 1994, 220-222, Taking your Chances: An Explanation of Risk
^ Zahn, Lisa (1990). Network Computing Architecture. Prentice Hall. p. 10. ISBN 0136116744.

External links

[1] The Open Group (1997). "CDE 1.1: Remote Procedure Call".

[2] The Open Group (1997). "DCE 1.1: Authentication and Security Services".

[3] Open Source Software Project. "Universally Unique Identifier (UUID)".

[4] "Cake version 1.2 manual".

[5] Apple Computer, Inc. "CFUUID Reference".

[6] Adobe Systems Inc. "ColdFusion Functions:CreateUUID".

[7] Boian Tzonev. "UUID".

[8] "Firebird 2.1 Release Notes".

[9] "Firebird 2.5 Release Notes".

[10] Free Pascal Documentation. "Reference for 'sysutils' unit".

[11] Antoine Latter. "uuid".

[12] Jason Dusek. "system-uuid".

[13] MySQL AB. "MySQL 5.0 Reference Manual".

[14] "Guid Structure". MSDN Library.

[15] "SYS_GUID". Oracle Database SQL Reference. Oracle Corporation.

[16] Signes, Ricardo (16 January 2009). "Data-GUID". CPAN.

[17] Holzgraefe, Hartmut (1 April 2008). "uuid". PECL.

[18] PostgreSQL Global Development Group. "PostgreSQL 8.3.x Documentation: UUID Type".

[19] ttp://www.psdn.com/library/servlet/KbServlet/download/1927-102-2537/dvref.pdf

[20] "Python Library Reference: uuid".

[21] "Revolution Stuff: libUUID".

[22] "Tcl Standard Library: uuid".

[23] Old Farmer's Almanac 1994, 220-222, Taking your Chances: An Explanation of Risk

[24] Zahn, Lisa (1990). Network Computing Architecture. Prentice Hall. p. 10. ISBN 0136116744.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]