Nathan,
> I was thinking of cryptographic applications. Then, to use an
> example from another domain, initial TCP sequence numbers should
> be random (i.e. unguessable). A problem with TCP perhaps. It's
> been a while since i've read over my copy of _Applied Cryptography_,
> but I seem to recall that unguessable numbers were sometimes useful.
Yeah, the problem is what it does to your data. If there's no analyzable
correspondence between the key and the server/table/row it attaches to,
then you have no way to detect if the key and the data have become
disassociated.
This is, btw, a problem with conventional SERIALs as well. "unguessable"
UUIDs just compound the problem by adding additional variables (the server
and the table), as well as generally leading to applications which depend
*entirely* on UUID-based integrity and thus can't cope with any failures
in UUID generation or transmission.
I'm also a little baffled to come up with any real application where making
an id number for most tables "unguessable" would provide any kind of real
protection not far better provided by other means. For your "users"
table, sure, but that's a very special case.
--
--Josh
Josh Berkus
Aglio Database Solutions
San Francisco
