by agentx3r 2688 days ago
> If you used UUID() for data that is supposed to be secret (like passwords), you have a serious problem, as these secrets can now be easily guessed.

I've never used UUIDs for secrets, but I've often depended on UUIDs to be uniform - as the primary identifier when passing data around inside distributed systems. If the chance of collision is implementation-dependent, that could end really badly.


UUIDs (of all versions) are guaranteed to be unique. They are not guaranteed to be uniformly distributed.
If you have two systems generating UUIDs, and their probability distributions are non-uniform and overlap in any significant fashion, then your odds of collision are no longer on the order of 'heat death of the universe'.

TIL only version 4 is generated using a random source.

The purpose of UUIDs is to guarantee uniqueness without coordination within the system of computers over a long enough time and within a certain rate of generating them. Hence all the timestamps and node identifiers in them, coordination on which already happened. If it doesn't guarantee uniqueness for your use case - you should change the algorithm to make sure that it does, otherwise there is no point having them if you still have to do coordination to avoid collisions.
But for the other versions the key word is overlap. Since a part of the UUID is some location-based number (like the MAC), there would be no overlap, even if the distribution is completely non-uniform.
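
The version 1 layout the thread refers to (timestamp, clock sequence, node), as an added example that is not part of any comment above: it packs and decodes those fields with Python's standard `uuid` module to show that they can be read back from the string and that uniqueness rests on them, not on randomness. The helper names `build_v1` and `describe`, the node values and the date are assumptions constructed for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns ticks from the Gregorian calendar epoch.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)
MICROSECOND = timedelta(microseconds=1)


def build_v1(when, clock_seq, node):
    """Pack explicit fields into a version 1 UUID (hypothetical helper)."""
    t = ((when - GREGORIAN_EPOCH) // MICROSECOND) * 10
    return uuid.UUID(fields=(
        t & 0xFFFFFFFF,                    # time_low
        (t >> 32) & 0xFFFF,                # time_mid
        ((t >> 48) & 0x0FFF) | 0x1000,     # time_hi plus version nibble 1
        ((clock_seq >> 8) & 0x3F) | 0x80,  # clock_seq_hi plus RFC 4122 variant
        clock_seq & 0xFF,                  # clock_seq_low
        node,                              # 48-bit node id (e.g. a MAC)
    ))


def describe(value):
    """Return what anyone holding the UUID string can read out of it."""
    u = uuid.UUID(str(value))
    info = {"version": u.version}
    if u.version == 1:
        info["timestamp"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
        info["clock_seq"] = u.clock_seq
        info["node"] = f"{u.node:012x}"
    return info


# Constructed sample values, not taken from the thread.
WHEN = datetime(2017, 1, 1, tzinfo=timezone.utc)
NODE_A, NODE_B = 0x020000000001, 0x020000000002

if __name__ == "__main__":
    a = build_v1(WHEN, 7, NODE_A)
    b = build_v1(WHEN, 7, NODE_B)  # same instant, different node
    later = build_v1(WHEN + timedelta(seconds=1), 7, NODE_A)
    print(a, describe(a))
    print("distinct across nodes:", a != b)
    print("distinct over time:", a != later)
    print("same node, tick and clock_seq collide:", a == build_v1(WHEN, 7, NODE_A))
    print("v4 exposes no such fields:", describe(uuid.uuid4()))
```
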