RFC 4122 defines a special type of Globally Unique IDentifiers (GUID), as well as several methods for producing them. One such method, described in section 4.4, is based on truly random or pseudo-random number generators.
The algorithm for version 4 UUIDs (ie. those based on random number generators) states that all 128 bits separated into the various fields (32 bits, 16 bits, 16 bits, 8 bits and 8 bits, 48 bits) should be random, except:
- the version number should be the last 4 bits in the 3rd field, and
- bits 6 and 7 of the 4th field should be 01.
Method 1 produces pseudo-random numbers with the Mersenne Twister, and always limits single generated numbers to 16 bits (ie. the decimal value 65535). That is because, even on 32-bit systems, PHP’s RAND_MAX will often be the maximum signed value, with only the equivalent of 31 significant bits. Producing two 16-bit random numbers to make up a 32-bit one is less efficient, but guarantees that all 32 bits are random.
Method 2 function uses the server clock to generate a unique string based on the microsecond. The remote IP address (without periods) is appended to the front to make it even more random. This way, even if two codes are generated in the same microsecond, they will still be different.
Method 3 generates a GUID in the same way as DCE UUID’s, except that the Microsoft convention is to enclose a GUID in curly braces.
Method 4 generates a prefixed unique identifier based on the current time in microseconds. The returned string will be 13 characters long.
Method 5 generates a prefixed unique identifier based on the current time in microseconds. The returned string will be 23 characters long.