id: 3122,1D1
title: UUID is inadequate for high security.
date: 2023-11-18

UUID is inadequate for high security.

UUID4 has 128 bits, 122 of which are random. Bitcoin’s whole network in 2018 had a hashrate of 264 H/S, which could have guessed a UUID in 35 minutes, according to the OWASP hash guessing timing equation. Contrast with 160 bits of randomness, which would take 18 million years at that hash rate.rM8

  1. Neil Madden, “Moving Away from UUIDs,” Neil Madden (blog), August 30, 2018, https://neilmadden.blog/2018/08/30/moving-away-from-uuids/. (See notes.)