Transaction GUIDs [Was: Writing a Sharp Zaurus PDA GnuCash Companion]

Colin Pinkney
Thu, 19 Sep 2002 10:28:01 +0100

Thanks for the reply.

So basically using /proc/sys/kernel/random/uuid should be ok then? AFAIK
the GUID is only used for uniquely identifying a single transaction or
other element, right? I didn't think it was used in any security stuff.

Colin (Linas Vepstas) on 18/09/2002 07:12:42

Sent by:

To:   Colin Pinkney <>

Subject:  Re: Transaction GUIDs [Was: Writing a Sharp Zaurus PDA GnuCash

repsonding to very old email,
now that I am getting email again...

On Fri, Aug 23, 2002 at 12:38:40PM +0100, Colin Pinkney was heard to
> I was just looking at how GUIDs are generated, but couldn't quite figure
> out. Seems to  have something to do with randomly selecting md5sums of
> files that constantly change.
> I'm know very little about pseudo-random algorithms and want to keep it
> simple so I'm hoping /proc/sys/kernel/random/uuid has enough entropy. But
> guess in the end as long as it's a unique 128bit number (stored in hex
> format) it doesn't really matter, does it?

it matters a lot. md5 has been mathematically proven to generate unique
id's.  Most all naive algorithms fail to do so, in ways that seem subtle
to the naive developer but are well knows to crypto types and hackers.

(the linux kernel uuid algo is probably quite good.)


pub  1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984  3F54 64A9 9A82 0104 5933
gnucash-devel mailing list