How good is Java's UUID.randomUUID?

Question

I know that randomized UUIDs have a very, very, very low probability for collision in theory, but I am wondering, in practice, how good Java's randomUUID() is in terms of not having collision? Does anybody have any experience to share?

Answer 1

UUID uses java.security.SecureRandom, which is deemed to be "cryptographically strong". While the exact implementation is not determined and can change within JVMs (indicating that any appropriate allegations made are legitimate only for one precise JVM), it ingests mandate that the amount need pass a statistically unpredictable number generator test.

It's infinitely desirable for an implementation to include subtle bugs that break all this (see OpenSSH key production bug) but I don't believe there's any particular purpose to bother about Java UUIDs's randomness.