google / uuid

Go package for UUIDs based on RFC 4122 and DCE 1.1: Authentication and Security Services.
BSD 3-Clause "New" or "Revised" License

uuid.NewString use UUID v7 instead of v4 #164

Open codenoid opened 1 week ago

bormanp commented 1 week ago

This could have an impact on the security of UUIDs as the number of bits of randomness decreases from 122 to 48. Please provide a strong justification for this request.

codenoid commented 1 week ago

@bormanp I see, but is that the only reason to choose v4 as the default of uuid.NewString?


source: https://x.com/maciejwalkowiak/status/1809164757959938376

UUIDv7 clearly has better performance, better DX as the first part is a timestamp, and is more future-proof as it's a newer version of UUID.

bormanp commented 1 week ago

It is an unexpected change in behavior. You are free to generate v7 UUIDs, but it is not reasonable to request that applications that have been generating v4 UUIDs start generating v7 UUIDs. The security implications are important as v4 UUIDs are much more difficult to guess than v7 UUIDs. In many applications this is more important. UUIDs are not just for SQL databases.

it512 commented 3 hours ago
uuid.Must(uuid.NewV7()).String()
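
An added example, not part of the issue thread or of the google/uuid code base, illustrating the point raised above that the first part of a v7 UUID is a timestamp: anyone who sees a v7 ID can read back when it was created, while a v4 ID has no such field. It uses only the Go standard library and the RFC 9562 layout; `newV7At`, `Inspect` and `format` are hypothetical names, and the UUIDs are constructed samples.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// newV7At builds a version 7 UUID for time t (hypothetical helper, not google/uuid code).
func newV7At(t time.Time) ([16]byte, error) {
	var u [16]byte
	if _, err := rand.Read(u[:]); err != nil {
		return u, err
	}
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(t.UnixMilli()))
	copy(u[:6], ts[2:])     // bytes 0-5: 48-bit Unix time in milliseconds
	u[6] = u[6]&0x0f | 0x70 // version nibble = 7
	u[8] = u[8]&0x3f | 0x80 // RFC variant bits = 10
	return u, nil
}

// Inspect returns the version of a UUID string and, for v7, its embedded creation time.
func Inspect(s string) (version int, created time.Time, err error) {
	b, err := hex.DecodeString(strings.ReplaceAll(s, "-", ""))
	if err != nil || len(b) != 16 {
		return 0, time.Time{}, fmt.Errorf("not a UUID: %q", s)
	}
	version = int(b[6] >> 4)
	if version == 7 {
		ms := binary.BigEndian.Uint64(append([]byte{0, 0}, b[:6]...))
		created = time.UnixMilli(int64(ms)).UTC()
	}
	return version, created, nil
}

// format renders the 16 bytes in the canonical 8-4-4-4-12 form.
func format(u [16]byte) string {
	h := hex.EncodeToString(u[:])
	return h[:8] + "-" + h[8:12] + "-" + h[12:16] + "-" + h[16:20] + "-" + h[20:]
}

func main() {
	u, _ := newV7At(time.Now())
	v, created, _ := Inspect(format(u))
	fmt.Println(format(u), "version", v, "created", created)
}
```

Where an ID doubles as an unguessable token or must not reveal when a record was created, this is the property to weigh before switching from v4.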