[HN Gopher] New UUID Formats
___________________________________________________________________
New UUID Formats
Author : dimfeld
Score : 19 points
Date : 2021-08-23 17:29 UTC (5 hours ago)
(HTM) web link (www.ietf.org)
(TXT) w3m dump (www.ietf.org)
| jasonhansel wrote:
| Personally, I dislike UUIDs that encode timestamps. They embed
| information in identifiers that _look_ opaque, and can therefore
| accidentally communicate information about the history of an
| object that is intended to be kept secret. Much better to just
| use a randomly generated ID and then provide a separate
| timestamp, so that you can provide one without revealing the
| other.
| junon wrote:
| Agreed. MongoDB isn't UUID per se but apps that use the IDs
| directly somehow usually don't realize they're leaking
| information for the exact same reason.
| BugsJustFindMe wrote:
| > _Much better to just use a randomly generated ID and then
| provide a separate timestamp, so that you can provide one
| without revealing the other._
|
| If you're talking about allocating the same number of bits
| either way, your way vs their way just expresses a trade
| between never rolling the random number generator twice for the
| same entry (theirs) and demanding a uniqueness guarantee for
| just the random portion on its own and thus re-rolling on
| collision (yours). Would subsequently encrypting the time-based
| IDs into the same bitspace before sharing them (see e.g.
| https://wiki.postgresql.org/wiki/Pseudo_encrypt) satisfy your
| desire to not leak the time information?
| AgentK20 wrote:
| Previous discussion https://news.ycombinator.com/item?id=28088213
___________________________________________________________________
(page generated 2021-08-23 23:02 UTC)