Identity Crisis: How Modern Applications Generate Unique Ids

<p>It&rsquo;s 7:15 am and customer support is swamped. We just got featured on Good Morning America, and a whole bunch of first time customers are bumping into bugs. A customer would fill a shopping cart with items, check out, pay for the items, and then be presented with an order receipt with all the wrong items!</p> <p>What was happening? We were using GUIDs, and we trusted them not to collide. After all, they&rsquo;re called &ldquo;Globally Unique Identifiers&rdquo; so they must be unique, right? The odds of collision for GUIDs are supposed to be one in&nbsp;<code>5.316912e+36</code>. That&#39;s a gigantic entropy space. Entropy is a measure of the total information in a system. In the context of unique ids, a higher entropy will lead to fewer collisions, and can also make it more difficult for an attacker to guess a valid id. If you&#39;re still using UUID/GUID or database identifiers as your primary record keys, it&#39;s time to re-evaluate.</p> <p>That incident led me to create the Cuid specification, which was ported over 20 times to different languages, and used in thousands of applications, some of which have hundreds of millions of users. But in the last decade using it, I realized I was optimizing for the wrong things. Before we go into that, though, we need a little context.</p> <p>Applications store data that needs to be uniquely identified so that it can be referenced and looked up. To do that, we create unique identifiers for the data.</p> <p><a href="https://medium.com/javascript-scene/identity-crisis-how-modern-applications-generate-unique-ids-39562736f557">Website</a></p>
Tags: Crisis unique Ids