https://issues.dlang.org/show_bug.cgi?id=19836

Dlang Bot <dlang-bot@dlang.rocks> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |pull

--- Comment #1 from Dlang Bot <dlang-bot@dlang.rocks> ---
@n8sh created dlang/phobos pull request #6985 "Fix Issue 19836 - Excessive probability of UUID collisions in std.uuid.randomUUID" fixing this issue:

- Fix Issue 19836 - Excessive probability of UUID collisions in std.uuid.randomUUID

  On 64-bit architectures use 64 bits of entropy to initialize
  thread-local `rndGen`.

  The motivation for this change is std.uuid defaults to using `rndGen`
  to generate UUIDs. If every `rndGen` starts in one of 2^^32 states then
  if 77000 independent programs each generate a single UUID there is a 50%
  chance that at least two of them generate the same initial UUID (and all
  subsequent UUIDs would be identical as well). Not just Phobos but also
  C++ boost::uuids::random_generator defaults to generating UUIDs with a
  Mersenne Twister initialized from a 32-bit seed, exacerbating the
  collision problem further. If instead there are 2^^64 possible initial
  states of `rndGen` there can be over 5 billion independent `rndGen`s
  before there is a 50% chance of two having identical initial states.

  This change is limited to 64-bit architectures to avoid a measurable
  performance decrease, because many programs are not generating UUIDs.

https://github.com/dlang/phobos/pull/6985

--

https://issues.dlang.org/show_bug.cgi?id=19836

Dlang Bot <dlang-bot@dlang.rocks> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Dlang Bot <dlang-bot@dlang.rocks> ---
dlang/phobos pull request #6985 "Fix Issue 19836 - Excessive probability of UUID collisions in std.uuid.randomUUID" was merged into master:

- 5d0f1d3471b95d6d22406001f3e7ba52b4691aa2 by Nathan Sashihara:
  Fix Issue 19836 - Excessive probability of UUID collisions in
std.uuid.randomUUID

  On 64-bit architectures use 64 bits of entropy to initialize
  thread-local `rndGen`.

  The motivation for this change is std.uuid defaults to using `rndGen`
  to generate UUIDs. If every `rndGen` starts in one of 2^^32 states then
  if 77000 independent programs each generate a single UUID there is a 50%
  chance that at least two of them generate the same initial UUID (and all
  subsequent UUIDs would be identical as well). Not just Phobos but also
  C++ boost::uuids::random_generator defaults to generating UUIDs with a
  Mersenne Twister initialized from a 32-bit seed, exacerbating the
  collision problem further. If instead there are 2^^64 possible initial
  states of `rndGen` there can be over 5 billion independent `rndGen`s
  before there is a 50% chance of two having identical initial states.

  This change is limited to 64-bit architectures to avoid a measurable
  performance decrease, because many programs are not generating UUIDs.

https://github.com/dlang/phobos/pull/6985

--

https://issues.dlang.org/show_bug.cgi?id=19836

--- Comment #3 from Dlang Bot <dlang-bot@dlang.rocks> ---
dlang/phobos pull request #6994 "Issue 19836 followup - also fix on 32 bit machines" was merged into master:

- 8d499765142b2bb7c97ca07d7f8b9afc17cb5776 by Nathan Sashihara:
  Issue 19836 followup - also fix on 32 bit machines

  Changed the private enhanced seeding method for `rndGen` to something
  that is fast on both 64 bit and 32 bit machines so can be enabled
  regardless of architecture. When compiled with LDC it is about 1.35x
  the speed of public `Mt19937.seed(uint)`.

https://github.com/dlang/phobos/pull/6994

--