On Wed 05 Feb 2020 at 16:47:13 (-0500), Greg Wooledge wrote: > On Wed, Feb 05, 2020 at 01:43:37PM -0600, David Wright wrote: > > I don't suppose either of us will meet a UUID collision in our > > lifetimes, and it's obviously a sensible scheme to use where there > > are large numbers of commoditised objects to name. > > Usually a UUID collision is a result of a subtle mistake, like cloning > a disk and then trying to mount a file system by UUID while the clone > is still attached. At least, that's the first scenario I can think of.
There are versions of UUIDs that aren't quite what they seem; IOW there are predictable ones. There are means of placing strings into positions where UUIDs are expected, eg tune2fs -U. There's a vanishingly small probability that a human will spot a deliberately altered UUID. My assumption in writing the above was that we are honest brokers, generating UUIDs in a random manner. In the absence of a RNG of any quality whatsoever, I think the cryptographic vulnerability of the system will exceed the likelihood of UUID collisions occurring. I have no information to back that up :) https://lists.debian.org/debian-user/2020/02/msg00005.html Cheers, David.
