Marti Raudsepp <marti@juffo.org> writes:
> On Thu, Apr 24, 2014 at 8:40 PM, Josh Berkus <josh@agliodbs.com> wrote:
>> A pseudo-random UUID is frankly pretty
>> useless to me because (a) it's not really unique
> This is FUD. A pseudorandom UUID contains 122 bits of randomness. As
> long as you can trust the random number generator, the chances of a
> value occurring twice can be estimated using the birthday paradox:
> there's a 50% chance of having *one* collision in a set of 2^61 items.
Of course, the weak spot in this analysis is the assumption that there
are actually 122 independent bits in the value. It's not difficult to
imagine that systems with crummy random() implementations might only have
something like 32 bits worth of real randomness. Or less. Seeding your
PRNG from gettimeofday(), for instance, is highly likely to lead to
collisions ... no matter how good the PRNG itself is.
> If you believe there's a chance of ever seeing a pseudorandom UUID
> collision in practice, you should be buying lottery tickets.
Now *that*, I'd call FUD. The issue here is not whether collisions
are improbable under ideal circumstances. The issue is how much work
does it take to have some confidence that you're anywhere near the
ideal case.
regards, tom lane