How good is Java's UUID.randomUUID?

java uuid
Alvin picture Alvin · Mar 25, 2010 · Viewed 174.2k times · Source

I know that randomized UUIDs have a very, very, very low probability for collision in theory, but I am wondering, in practice, how good Java's randomUUID() is in terms of not having collision? Does anybody have any experience to share?

Answer

Michael Borgwardt picture Michael Borgwardt · Mar 25, 2010

UUID uses java.security.SecureRandom, which is supposed to be "cryptographically strong". While the actual implementation is not specified and can vary between JVMs (meaning that any concrete statements made are valid only for one specific JVM), it does mandate that the output must pass a statistical random number generator test.

It's always possible for an implementation to contain subtle bugs that ruin all this (see OpenSSH key generation bug) but I don't think there's any concrete reason to worry about Java UUIDs's randomness.

Related questions

Efficient method to generate UUID String in JAVA (UUID.randomUUID().toString() without the dashes)

I would like an efficient utility to generate unique sequences of bytes. UUID is a good candidate but UUID.randomUUID().toString() generates stuff like 44e128a5-ac7a-4c9a-be4c-224b6bf81b20 which is good, but I would …

Read More
Likelihood of collision using most significant bits of a UUID in Java

If I'm using Long uuid = UUID.randomUUID().getMostSignificantBits() how likely is it to get a collision. It cuts off the least significant bits, so there is a possibility that you run into a collision, right?

Read More
Generating 8-character only UUIDs

UUID libraries generate 32-character UUIDs. I want to generate 8-character only UUIDs, is it possible?

Read More