[wp-hackers] Time to change GUID to UUID?
dougal at gunters.org
Mon May 9 13:29:21 UTC 2011
On May 8 2011 8:18 PM, Lynne Pope wrote:
> The example I gave is what happens now. Basing the GUID on the domain
> name is far from unique. Creating a string from a salted URI +
> timestamp + cryptographic quality highly-random number is far more
> likely to give practical uniqueness. UUID's can never be absolutely
> unique across all of time and space but they can get pretty close.
There's plenty of factors available to help increase the entropy of a
GUID/UUID, and since you only need to compute them at save time, there's
not really any harm in making them arbitrarily complex. Something like
this would be reasonably random and unique:
$uid = sha1 ( microtime() . AUTH_SALT . DB_NAME . $post->post_title .
The chances of any two of those factors being the same between sites are
pretty slim to start with Worst case scenario is two sites with no
explicit AUTH_SALT set, same DB_NAME (chances low), "Hello World" post
with ID=1. But when you toss microtime() into the mix, you're talking
about infinitesimal chances of a collision. The main chance of collision
would probably be from the hash function itself at that point.
Dougal Campbell <dougal at gunters.org>
More information about the wp-hackers