What is the guaranteed uniqueness in the identifiers generated by the APR::UUID module

Question

The documentation of Data::UUID states that

A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE.

The documentation for APR::UUID describes the generated identifiers as random.

Does this mean that the GUIDs created by APR::UUID are not guaranteed to be unique?

Answer 1

The Wikipedia articles on UUIDs and GUIDs are instructive here.

UUIDs are random but drawn from such a large distribution that the probabilities of collisions are miniscule, where in this context miniscule means that you are likely to be struck by thousands of asteroids before you generate two identical UUIDs.

GUIDs are mostly random but also incorporate some deterministic but unique data to your system, such as the MAC address of your network hardware and the current time, so that collisions between a GUID created on another system are even less likely.

Answer 2

I realise this is an old question, but as I stumbled unto this issue, I thought I would share some observations.

As stated by daxim, APR::UUID uses libuuid. However, in at least some implementations, libuuid does not generate a random (v4) UUID, but a v1 UUID (based on MAC address and timestamp). These are really unique (as long as your MAC address is indeed unique), but they leek information (your MAC address and the time the UUID was generated) and may be at least somewhat predictable.

If the UUID generation code is spec-compliant, you can find out which version of UUID is generated by looking at the first digit of the 3 group. v1 UUIDs are not random but predictable. v4 UUIDs are random and (supposedly) unpredictable.