Fog Creek Software
Discussion Board




GUIDs

Can anyone point me to a site that explains how globally unique identifiers work, how they are generated and how it is determined to be unique? I have googled, but without much success. Thanks.

fred august
Tuesday, November 04, 2003

[sigh] GUIDs are *so* 1990's.

The original GUID formula used a "unique in time and space" approach - it was a hash of MAC address and timestamp to provide a code that was "pretty much" unique. IIRC, there were security issues with that approach (I think the MAC address could be backed out of the GUID, potentially identifying the machine that generated it), so they switched to a different method which I never bothered to learn. :)

I'm pretty sure there's an API to generate GUIDs in Windows? (I know there's an API, but I don't remember whether it's from a dev dll or a Windows dll)

Philo

Philo
Tuesday, November 04, 2003

In Windows, GUID values can be created using the CoCreateGUID method:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/htm/cmf_a2c_05r8.asp
This wraps the UuidCreate API method.

In Windows XP/2000, the UuidCreate function generates a UUID that cannot be traced to the ethernet/token ring address of the computer on which it was generated. It also cannot be associated with other UUIDs created on the same computer. This is a change from earlier Windows operating systems.

Philip Dickerson
Tuesday, November 04, 2003

Why are guids "*so* 1990's."

Are they not still useful?

We are fighting a battle to get all our applications to standardize on one type of unique ids. One app uses long ints, others 8 char string, long int stored in a string field, etc. One of our developers is strongly pushing to use GUIDs and it seems like a good solution to me. Any reason not to use it?

pdq
Tuesday, November 04, 2003

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=globally+unique+identifier

What do you need that these results aren't providing?


Tuesday, November 04, 2003

i think guids are best when you need to merge different databases togethet, eg. local databases into a central one. i see a definitive advantage there.

on the other side, make sure you don't store those as strings in the db, once i saw a 48 character long guid as string in database. they converted every byte (16 in total) to decimal representation, formatted always into 3 characters.

poor sql...

name not available
Tuesday, November 04, 2003

Yeah Philo,

What's your solution when you need a globally unique identifier?


Tuesday, November 04, 2003

not really.  personally my preference is to create things like ids myself..that way I know what goes into them (and can tweak it if necessary).

the equivalent of the GUID window creates would be to take a snapshot of the # of seconds since 1960 (or whatever it is), the number of ticks since the computer was booted and (more optionally IMO) either the MAC address or some hash of the contents of the users desktop.
Put those together properly and the chances of a duplicate serial becomes measurably tinsy...you _may_ run into problems once you have a monstrously, ridiculously huge user base, but given that by then you will all be rich by then you'll be able to give way free updates to resolve the issue :)

FullNameRequired
Tuesday, November 04, 2003

GUIDs are nice because they are essentially stateless. No one has to remember which numbers have already been assigned.

One of the alternatives is to have a "server" that simply hands out ids, and remembers which ones have been already assigned.

I can't believe you couldn't dig this up in 2 minutes on Google.

Portabella
Tuesday, November 04, 2003

The GUID comment was tongue-in-cheek, because when they first came out, GUIDs were (of course) the greatest thing since sliced bread.

And like all technology, they have their place, but they're not a swiss army knife. :-)

Philo

Philo
Tuesday, November 04, 2003

"One of our developers is strongly pushing to use GUIDs and it seems like a good solution to me"

Hmmmnn, I find GUIDs unwieldy and overkill in many cases. Debugging SQL and stored procs which take GUIDs as parameters is severely headache-inducing. We support multiple databases for replication using a compound primary key consisting of a normal IDENTITY column and a "Site number" - this way we can easily merge data generated on different servers. The pain in this is that all JOINs involve two columns being joined
(i.e. "INNER JOIN b ON (a.id = b.id AND a.st=b.st)", instead of plain ole "INNER JOIN b ON a.id = b.id"). You pays your money...

Duncan Smart
Tuesday, November 04, 2003

Just out of curiosity, why is there a need for such a complicated algorithm to generate a GUID? 

It seems to me that a random number generator -- if it could actually generate a reasonably random number -- would be nearly as good at preventing duplicate GUIDs.  2^128 is an awfully big number.

Robert Jacobson
Tuesday, November 04, 2003

>> "a random number generator -- if it could actually generate a reasonably random number "

Therein lies the crux of the issue -- good random numbers need a good (necessarily complex) algorithm.

Duncan Smart
Tuesday, November 04, 2003

Yes ... the problem is that random numbers aren't really random, but they depend on some random element of the system -- things like the system clock, or your machine's MAC address, for example.

In this sense, GUIDs *are* random numbers.

Alyosha`
Tuesday, November 04, 2003

Well, maybe randomly arbitrary from a discrete set, but not random.  If they were truly random, they could not be guaranteed to be unique, no? 

Mongo
Tuesday, November 04, 2003

An IETF draft describing the details of UUIDs can be found here:

http://www.ics.uci.edu/~ejw/authoring/uuid-guid/draft-leach-uuids-guids-01.txt

anon
Tuesday, November 04, 2003

One of the biggest advantages we found using GUIDs is generating them in our business object constructors, preventing a database hit to obtain a unique identifier. It was simply quite handy to be able to remove a requirement to cross layers to get a unique identifier for a new object.

Just my $0.02.

- Dave

Dave
Tuesday, November 04, 2003

Just run an MD5 hash of the record. :-)

Philo

Philo
Tuesday, November 04, 2003

I second Robert Jacobson's comment but would enjoy more in depth feedback on it.  I have a need in my system to generate IDs in different places in a distributed system.  These IDs end up in a distributed LDAP directory.  I use the Secure Random in Java and generate a 128 bit number. 

I once read an article which posited that any event in your system that is signifigantly less likely than your server being hit by a meteor may be safely ignored.

Would anyone be seriously concerned about collisions in 128 bit numbers generated by SecureRandom?

Name withheld out of cowardice
Wednesday, November 05, 2003

If you're using secure random then you need to set one of the hi bits in your UID (bit 0x40 IIRC) as this says that the network MAC address portion of the UID is NOT issued by the IEEE and is a local network ID (equivalent to 192.168.x.x in IP terms). Older windows systems generated GUIDs using the MAC of the network card, later ones scramble the MAC (I assume using a one way function) and set that bit.
I bugged this during the Win2K beta as I was using GUIDs to get the MAC address of the workstation.

Peter Ibbotson
Wednesday, November 05, 2003

the spec (pointed to above) should describe how to generate GUIDs from a random number.

i think there's also an article on how to do it with jscript somewhere on microsoft's site, targeted at pocketpc developers or something.

found this one which uses C# or VB.NET:
http://msdn.microsoft.com/library/en-us/dnnetcomp/html/PPCGuidGen.asp

but think there is another one too.

mb
Wednesday, November 05, 2003

The thing about using random numbers is that if you work out the probabilities, it might not actually be that rare to get a duplicate.  Sort of like with the classic "birthday" puzzle that asks how many people must you have in a room to have a greater than 50% chance of two of the people having the same birthday.  The answer in that case is around 23.  You only need 10 people to have a greater than 10% chance of a match.

Similarly, the seemingly vast 128 bit space may be significantly reduced when you want no greater than some small chance of a duplicate.  If anyone cares to/is able to run the numbers, I'd be sorta curious to see how it turns out.  Not sure exactly how you'd do it when dealing with numbers that big though.

Mike McNertney
Thursday, November 06, 2003

Good point Mike.  The mitigating factor is that a GUID doesn't necessarily have to be truly unique.  For example, if I have a GUID to register a COM component, and you have the same GUID to register visitors to your web site, there won't be any collision in practice.

Still, I'd also be curious about the theoretical odds of a collision.

Robert Jacobson
Thursday, November 06, 2003

*  Recent Topics

*  Fog Creek Home