GUID as a Service — Questions and Answers

Some of the answers may even be correct.

What’s a GUID?

A GUID is a Globally Unique Identifier. Occasionally in software systems, it’s convenient to be able to create an identifier that you’re sure isn’t used by anything else in the world. This can allow you to tell different pieces of data apart by assigning a new GUID to each of them.

How do I pronounce GUID as a word?

With a hard g, as in “globally”.

What’s the point of offering GUID as a Service?

While most development platforms offer a built-in method to create a GUID, creating one that way is not buzzword-compliant with the latest trends in software development architecture. Moving all aspects of applications to the “cloud” allows for each component to use individual implementations of needed functionality.

How are GUIDs made?

In order to be truly globally unique, one might expect that one would need a central list of all created identifiers, in order to verify that there are no duplicates created. While this is one approach that you might consider, others are possible. By outsourcing this complex decision to GUID as a Service, you no longer need to worry about such details.

What if I care about the method by which my GUID is generated?

Then pass the optional “type” parameter (see documentation), which allows you to specify whether you want a “Version 1” GUID based on a timestamp and MAC address, or a “Version 4” GUID based on using a large enough random number such that you don’t really have to worry about duplicates.

If this is all in the “cloud”, what MAC address is used when I ask for a Type 1 GUID?

[Unused Network Card] This was a major concern during development on this service. As the API is built on Amazon’s “serverless” architecture, it was not clear if any servers were going to be involved in creation of the GUID, and therefore it was unclear whether there would be any network card MAC addresses to use. To solve this problem, I found an old unused network card lying around the house (pictured), and use its MAC address as the basis for generating the Type 1 GUIDs created by this service. Since this network card is no longer in service and is not expected to be in the near future, no other GUID generator should be generating GUIDs based on it.

What’s the difference between a GUID and a UUID?

While a GUID is Globally unique, a UUID is Universally unique. That is to say, a GUID only promises that it’s unique on the planet that it’s generated on, but a UUID promises to be unique in the entire universe. As one might expect, it’s more difficult to confirm uniqueness in the universe without knowing what alien intelligences out there may be attempting to also create UUIDs. This service only creates GUIDs, and that should be enough for most purposes unless you are writing an extraterrestrial application.

I want to create a token to authenticate a user (like a session token) which can’t be predicted by an attacker. Should I use a GUID?

Almost certainly not! GUIDs are designed to be unique, but they are not designed to be unpredictable. Type 1 GUIDs are very predicable by their very nature of being based off of a public MAC address and the current time. Type 4 GUIDs do use 122 bits of randomness (6 bits are dedicated to marking it as a Type 4 version of GUID), and so if using 122 bits of randomness is acceptable for your application, then you could use a Type 4 GUID, but only if created with a cryptographic random number generator. Most GUID generators (including this GUID as a Service) do not promise to use a cryptographic random number generator. In fact, the only GUID generator that I know of which is documented to use one is Java’s UUID.randomUUID(). In general, though, if you need a cryptographic token, use an appropriate library for the job, rather than hacking something together using GUIDs.

Where should I look if I want to learn more about GUIDs?
What were some of the inspirations for creating this service?
How much does using GUID as a Service cost?

It’s absolutely free! Please don’t abuse it.

What’s your SLA?

I reasonably expect that the service to be up more often than not a significant amount of the time. In the event that the service does not meet this goal, you may email me, and I will personally consider writing you a short form-letter apology.