> The MAC address might still be used on downlevel windows W95 and 98 when
generating UUID's (DCE algorithm), but the UUID generation algorithm has
been changed to a random number on NT based systems years ago.
Other stuff like CPU Id and HW disk numbers have never been part of the
UUID.
Just run uuidgen a couple of times from the commandline and watch the
result, if anything like MAC address would be part of it you would notice
it, right?
This strikes me very odd, since you had a almost guaranteed unique systesm
because the MAC address and CPU ID were completely unique. And this in
combination with a time could generate a really unique GUID. Ok CPU ID can
be deactivated, and the MAC addres could be duplicated, but still most users
would probably have a unique MAC address, so in my opinion this could
improve the uniqueness of the GUID even more.
I always thought that generating perfect random numbers were alsmost
impossible in software. You could come close to it (hence the seed) but it
was not really random. So by not using the MAC address you have an increased
risk that a random number happen to occur 2 times.
So I am wondering why they did this?
Anyway, unique GUID or not, anyone relying on unique numbers should at least
built a protection in his software in case a duplicate GUID is used. Not
because GUID is bad, but because people might generate a fixed GUID on
purpose to crash that software in order to some bad things with it. Hackers
are very good in this.