google/uuid

uuid.NewString use UUID v7 instead of v4

codenoid opened this issue · 6 comments

uuid.NewString use UUID v7 instead of v4

This could have an impact on the security of UUIDs as the number of bits of randomness decreases from 122 to 48. Please provide a strong justification for this request.

@bormanp I see, but is that the only reason to choose v4 as the default of uuid.NewString?

source: https://x.com/maciejwalkowiak/status/1809164757959938376

UUIDv7 clearly has better performance, better DX as the first part is a timestamp, and is more future-proof as it's a newer version of UUID.

It is an unexpected change in behavior. You are free to generate v7 UUIDs but it is not reasonable to request that applications that have been generating v4 UUIDs start generating v7 UUIDs. The security implications are important as v4 UUIDs are much more difficult to guess than v7 UUIDs. In many applications this is more important. UUIDs are not just for SQL databases.

uuid.Must(uuid.NewV7()).String()
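
The guessability point raised above comes down to the UUIDv7 layout in RFC 9562, whose first 48 bits are a Unix millisecond timestamp. As an added example (not code from the google/uuid package or from anyone in this thread; the `Inspect` function, `Info` type and both sample UUIDs are constructed here, standard library only), this reads back what a v4 and a v7 identifier reveal to anyone who sees them:

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed sample values, not taken from any real system.
const (
	sampleV4 = "3f2b8c1e-9d4a-4e6f-a1b2-c3d4e5f60718"
	sampleV7 = "017f22e2-79b0-7abc-8def-0123456789ab"
)

// Info is what an observer learns from the UUID string alone.
type Info struct {
	Version        int
	TimePrefixBits int       // leading bits fixed by creation time
	Timestamp      time.Time // zero value unless Version == 7
}

// Inspect parses a hyphenated UUID string and extracts version and,
// for v7, the embedded creation time.
func Inspect(s string) (Info, error) {
	b, err := hex.DecodeString(strings.ReplaceAll(s, "-", ""))
	if err != nil || len(b) != 16 {
		return Info{}, errors.New("not a 128-bit hex UUID")
	}
	if b[8]&0xc0 != 0x80 { // variant bits must be 10xxxxxx
		return Info{}, errors.New("not an RFC 9562 variant UUID")
	}
	info := Info{Version: int(b[6] >> 4)}
	if info.Version == 7 {
		var ms int64 // bytes 0..5: big-endian Unix time in milliseconds
		for _, x := range b[:6] {
			ms = ms<<8 | int64(x)
		}
		info.Timestamp = time.UnixMilli(ms).UTC()
		info.TimePrefixBits = 48
	}
	return info, nil
}

func main() {
	for _, s := range []string{sampleV4, sampleV7} {
		fmt.Println(Inspect(s))
	}
}
```

Where an identifier doubles as an unguessable token (reset links, session or object handles), the recoverable creation time is the property to weigh before switching from v4 to v7.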

I agree, this might pose a risk to applications relying on the randomness of UUIDs, therefore it would at least be a breaking change. However, we could maybe make people more aware of the existence of UUID V7 in this package and the potential advantage.

I don't see why uuid.NewString() just exists in the first place. Anyway, I'm closing this issue.