18

Globally Unique Identifiers (GUID) are a grouped string with a specific format which I assume has a security reason.

A GUID is most commonly written in text as a sequence of hexadecimal digits separated into five groups, such as:

3F2504E0-4F89-11D3-9A0C-0305E82C3301

Why aren't GUID/UUID strings just random bytes encoded using hexadecimal of X length?

This text notation contains the following fields, separated by hyphens:

| Hex digits | Description
|-------------------------
| 8            | Data1
| 4            | Data2
| 4            | Data3
| 4            | Initial two bytes from Data4
| 12           | Remaining six bytes from Data4

There are also several versions of the UUID standards.

Version 4 UUIDs are generally internally stored as a raw array of 128 bits, and typically displayed in a format something like:

uuid:xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx

Xeoncross
  • 1,213

2 Answers2

13

From RfC4122 – A Universally Unique IDentifier (UUID) URN Namespace

The formal definition of the UUID string representation is provided by the following ABNF:

UUID                   = time-low "-" time-mid "-"
                         time-high-and-version "-"
                         clock-seq-and-reserved
                         clock-seq-low "-" node

So, those are just the different fields from the original time and MAC-based UUID. The RFC says it originates from the Apollo Network Computing System.

ivan_pozdeev
  • 603
Jörg W Mittag
  • 104,619
2

The text representation with the dashes is separating the four fields of the Guid/UUID into five groups (with the last field being separated itself after the first two bytes): Guid Text Encoding

The representation doesn't have anything to do with security, as there are different methods of computing it and is intended to be a unique identifier not necessarily a secure one.

The most likely reason the fields are split (even though the standard doesn't mention it) is for readability/separation of the component parts.

Turnkey
  • 1,697