[wp-hackers] Time to change GUID to UUID?

Dougal Campbell dougal at gunters.org
Mon May 9 13:29:21 UTC 2011

On May 8 2011 8:18 PM, Lynne Pope wrote:
> The example I gave is what happens now. Basing the GUID on the domain 
> name is far from unique. Creating a string from a salted URI + 
> timestamp + cryptographic quality highly-random number is far more 
> likely to give practical uniqueness. UUID's can never be absolutely 
> unique across all of time and space but they can get pretty close.

There's plenty of factors available to help increase the entropy of a 
GUID/UUID, and since you only need to compute them at save time, there's 
not really any harm in making them arbitrarily complex. Something like 
this would be reasonably random and unique:

  $uid = sha1 ( microtime() . AUTH_SALT . DB_NAME . $post->post_title . 
$post->ID )

The chances of any two of those factors being the same between sites are 
pretty slim to start with Worst case scenario is two sites with no 
explicit AUTH_SALT set, same DB_NAME (chances low), "Hello World" post 
with ID=1. But when you toss microtime() into the mix, you're talking 
about infinitesimal chances of a collision. The main chance of collision 
would probably be from the hash function itself at that point.

Dougal Campbell <dougal at gunters.org>

More information about the wp-hackers mailing list