It probably help with recognition. You probably won't remember if you have seen 'b7b05951-c3d3-4a7f-b65b-122e7d2543d4' before, but you are likely to remember that you have seen 'Cathleen d Dieball the Monolith of Alderson reflects Arly Arnie Keenan and 18 large ants' before (based on the chance that there are no similar uuid)
And if also give you something to read in your head when you see it.
Unless the collision is adversarial. There is a tool that brute forces the generation of SSH server key fingerprints to make the beginning and end look like the one you’re trying to spoof, so someone who knows the first or last few bytes would likely be fooled.
The point of the UUID is that it’s got enough entropy to be unique. If you start reducing it to smaller slices of its entropy, it isn’t a UUID anymore.
I think projects like this that try to make high entropy things appear more human-manageable do more harm than good.
That doesn't make any sense. There's no such thing as an adversarial collision for UUIDs. They're not hashes and don't have any security at all. If you want to use someone else's UUID, you just can!
> If you start reducing it to smaller slices of its entropy
Which it doesn't, as has been explained in the comments already several times.
UUID’s should not be used for “security” they aren’t hashes, or suited to be used as encryption keys or any thing else.
They don’t need to be kept secret as part of their trust model.
There should never be a situation in which the disclosure of a UUID breaks the trust or security model of your application your design is wrong.
Interesting project. Getting a reading in radio spelling is easy to do. But getting correct sentences out of a random predefined length string is way harder.
Interesting project however clearly I am uncultured swine if these are considered "easy to remember", I wonder if it would work with something more lowbrow. Simpsons anymore?
supercalifragilisticexpialidocius is easier to remember than shortids or uuids, but that distincting is meaningless when 1) everyone spells it slightly differently, and 2) who is Mary Poppins?
I love projects like these but it's a bit of a stretch to argue that this one is practically useful.
The entire point of UUIDs is I can quickly generate them knowing that they will be universally unique, I don’t need to check for their existence anywhere.
This dramatically increases the likelihood of collision to the point I can almost certainly guarantee that they won’t be unique in any non-trivial context.
The space of all uuids is larger than the space of all shakespearean uuids. So by definition you can't biject them. You may be able to on able for your subset of uuids in your project, but there is less entropy when using the latter.
edit: It seems the shakespearean uuids are longer than uuids so I may be conpletely wrong
I am doing a project, needed to share secrets on submission and UUIDs are not cool, sharing these Shakespearean sentences is cool. Entropy is not lost, I will add an inversion. it's a pure bijection.
Why reduce the entropy just to make it look pretty ?
As for the people who say oh, but I can't remember/recognise "e0e93156-c68b-493d-bf31-19048db7dd9e"...
Well sure, but git invented that wheel before you. Just use the last 11 characters for local discussions/notes/whatever.
Finally, what about people who are non-native/fluent in English ?
"e0e93156-c68b-493d-bf31-19048db7dd9e" flows accross borders and languages
"Romeo Romeo Where For Art Thou Romeo" could easily be meaningless gibberish for a non-native/fluent English speaker, and also opens up totally un-necessary issues of pronunciation and spelling.
There is also the possibility certain words might mean something different in another language. Such as the famous Colgate in Spanish which means "go hang yourself" !
I'm not claiming to be the world's leading expert on UUIDs but you must be loosing something somewhere ? If its not entropy, you must be opening yourself up to collisions or something ?
Why ? It looks like those ShakespeareIDs (SIDs) are much longer than UUIDs. So I am not sure how you reach the conclusion than the count of possible SIDs is smaller than UUIDs. The author mentions its a bijection, meaning for every UUID you can generate its corresponding SID and vice versa. This, in turn, means there is no higher probability of collision in the SID space than in the UUID one.
> Why reduce the entropy just to make it look pretty ?
You assume a loss of entropy, why? The usage section describes a way to get a "readable UUID" by passing an existing, regular UUID. The reverse operation doesn't seem to be implemented yet though.
const id = require('uuid-readable')
const uuid = require('uuid')
var buf = new Array()
uuid.v4({}, buf)
console.log(id(buf))
I built something like this for Python[1]. To get UUID-like uniqueness requires often way too many words, even if the Shakespearean-style might make this easier to remember (but also increadibly difficult for non-native speakers to understand).
For human-id I just went with groups of the 100 most common adjetives, nouns and verbs combined together in roughly the order they would appear in a sentence.
The output is nonsenese, of course, but I hope the combination of words understandable to anyone with a basic knowlegde of English might help.
"Cathleen d Dieball the Monolith of Alderson reflects Arly Arnie Keenan and 18 large ants"
Are equally poor representations of a UUID. Typically "human IDs" are useful for quick recognition or transferring over "voice" which neither of these approaches work well with (I'm biased, but IMO the first one is better for transferring over voice due to simpler words).
Human IDs shine when you have a comparitively tiny set of "things", like nodes in a cluster or Docker containers, and humans are heavily involved with accessing them. In this case a UUID is overkill but you want the UUID like gaurantees of universal uniqueness combined with more human recognizable identifiers.
An ID like "appear-hard-idea-case" is good because it nets you a high number of unique names but is also short enough to remember and speak aloud with a high probability that someone listening to you can type it out, word for word, with no issue.
tl;dr - never be in a position to need to have to "speak" or memorize a UUID.
Grammatically correct gives us an edge on remembering. I made this because, I wanted to share secrets for a service, that don't collide and Shakespeare plus grammatically correct sentences are cool while UUIDs and random words are not!
I'm not sure I understand, while I can follow the logic that grammatically correct might make in easier to remember, doesn't using uncommon vocabulary and, by modern standards, strange structure defeat the whole point?
From the page:
> Jacquette Brandtr Johm the Pectus of Barnsdall doubted Glenn Gay Gregg and 12 noisy stoats
As a non-native English speaker Brandtr doesn't look like an English word, Johm looks like a typo, Jacquette looks French (and contains a cluster of four letters for a single k sound) and I wasn't sure what a stoat was (my first guess was a type of goat).
I definitely find orf's version a lot more practical.
Sure, my point is that IMO they're not very memorable or real-looking names. "Elisabeth Brown Presley" feels a lot more natural and memorable than "Jacquette Brandtr Johm", at least as far I'm concerned.
I think OP's point was that while they might give an 'edge', said edge doesn't really help if the result is still to most people impossible to remember.
when i edit /etc/fstab, i found myswlf wishing for more readable UUIDs. the benefit of the UUID is that it is locked to the device, so why not something readable like: two-terabyte-7500-rpm-harddisk and 250-gigabyte-solid-state-disk
I did something like this to autogenerate host names. Then a colleague pointed out he'd done the same using dict words and got in some hot water due to politically incorrect combinations. I punted and used the output of ls /etc, /bin and /usr/bin, so hostnames end up like ifconfig-du-passwd instead. This is just temporary to make them slightly easier to read and parse as a human until we map serial number to asset name and then use that.
Did something similar for a chat app and the first week we released it had an angry support call asking why we’d labeled one of their customers “bloated sloth” (I don’t recall the exact adjective-animal combo but it was similar).
This is what happens when engineers try to be playful.
What is the use case for having to remember UUIDs?
I can see how it might speed up writing say, SQL queries if you don't have to look up the UUID but not sure that this warrants the effort of committing this to memory.
In a recent project I did this using colour. This was an logging/audit interface, where each line may include one or more UUIDs.
For each UUID I 1) truncated it, 2) gave it a background colour based on the UUID itself, and 3) prefixed it with an icon for the object type.
The overall effect was actually pretty good. One could easily scan the list for the same UUIDs based on the colour, and the icon added clarity as to what was being referred to
Human readable IDs make sense in a lot of places. Like if a customer wants information about their order or looking up a user in a system. It's easier to say and understand words than a long string of letters and numbers.
> Duplicate IDs shouldn't happen unless you have a bug.
One of the benefits of UUIDs is that you don't have to check for duplicate IDs since the chance of generating the same UUID twice is effectively 0. If you use a system with less randomness then you do have to implement a duplicate check. Which isn't practical when you're working at large scale.
I'm a big believer that primary keys shouldn't be exposed to users. Make a secondary key with 1/4 the entropy if your users are going to need to see something. And then when you show _that_ to your users, encode it with Crockford base-32.
I think we are confusing one of the uses for word-based identifiers.
It's not memorizing them that's the goal. It's communicating them to another person.
IPFS and some of its predecessors have had to struggle with this problem. If you want an identifier that relates to the contents of the file, then you have an identifier that can't be transcribed easily.
The problem is though that the density doesn't go up very fast with additional words. Another poster pointed to his solution that only involves 300 words, and to represent a UUID takes 15 words.
If you made the dictionary 600 words it still takes 14 words to represent a UUID. :/
I believe v4 is what you actually want [1]. By default it looks like `uuid` generates a v1 id, which as you said will produce duplicates if you call it too quickly.
Maybe your tool is different from the one installed on my machine because when I use the `-r` option I just get garbage back. This leads me to believe it's returning the uuid as raw bytes when I pass that option.
It depends on the person too. I struggle to remember six digits and forget them in hours, but my partner somehow manages to instantly memorize credit card numbers at a glance and retain them for months. I thought she was tricking me at first, but I tested her and its genuine. I guess some people are just gifted with very good memories.
it's difficult to remember sequences with no meaning, but if you can remember them as objects (eg, a product key with combinations of 5 letter+number sequences) it becomes easier.
A little trick to remember long things like a diceware passphrase for example is to develop the muscle memory for it starting with the first three words. When those three words have been ingrained/burned into memory, you add another two words, and over time increase the amount of words until the whole phrase is memorized. It seems obvious, but you would be surprised about how many people try to remember the whole phrase on the spot without developing it in small parts, over time.
It doesn't have to be 32 characters/digits... You can express them with a broader character set, which will reduce the length some... if we add additional glyphs the expression can be shorter still.
If you use a combined uuid (partially random, partially by date-time), it could be easier to remember 2020-07-15-ch99izy332 or similar... then you can take the date portion which is easier to segment (for some) and a shorter string of the subset of characters used for VIN or similar... all lowercase, and making 1 and l the same as well as 0/O, 5/S, and a few others.
Just some thoughts on this. For that matter, you could use emoji for some of those glyphs.
dude cards are just numbers, uuids has alphas also, but said that it’s easier to remember some words in readable uuid than chars in weird order. Sure some people can remember them, I wouldn’t disagree
This is a fun project, but for practical purposes I think the PGP Word List [1] would be more useful. It encodes any bytes (UUID or otherwise) as common words from a list chosen for distinct sounds.
I've been ideating about a base-48 (KJNTPBMYRVSH vs AIOU) version of decimal ids. Ids like "sunihuvi" or "panimaso" which are (hopefully) memorable and easy to pronounce with any accent. 5 letters can encode till 254803968.
Algorithm wizards, can I get error correction if I dedicate a character for that?
99 comments
[ 2.2 ms ] story [ 178 ms ] threadHowever, an online demo will be nice to have.
Example from Thepsis:
ALL. Goodness gracious How audacious Earth is spacious Why come here? Our impeding Their proceeding Were good breeding That is clear.
DIA. Jupiter, hear my plea. Upon the mount if they light. There'll be an end of me. I won't be seen by daylight.
AP. Tartarus is the place These scoundrels you should send to-- Should they behold my face. My influence there's an end to.
If that's not your thing try Tennessee Williams or Arthur Miller. Gilbert and Sullivan are all public domain so that's nice.
You could also go dramatically the other way and use flytings for your corpus: https://en.m.wikipedia.org/wiki/Flyting
There's probably clever ways to get the right entropy from their body of work while not turning it into word salad, best of luck.
And if also give you something to read in your head when you see it.
"Oh, you mean the 18 ants object?"
The point of the UUID is that it’s got enough entropy to be unique. If you start reducing it to smaller slices of its entropy, it isn’t a UUID anymore.
I think projects like this that try to make high entropy things appear more human-manageable do more harm than good.
> If you start reducing it to smaller slices of its entropy
Which it doesn't, as has been explained in the comments already several times.
Doesn't change the fact that it allow easier recognition, but you need to double-check it. (Not sure why I need to explicitly state that)
There should never be a situation in which the disclosure of a UUID breaks the trust or security model of your application your design is wrong.
I love projects like these but it's a bit of a stretch to argue that this one is practically useful.
http://www.pangloss.com/seidel/Shaker/
It only encodes ~18 bits of information per insult, but it’s a good starting point.
The entire point of UUIDs is I can quickly generate them knowing that they will be universally unique, I don’t need to check for their existence anywhere.
This dramatically increases the likelihood of collision to the point I can almost certainly guarantee that they won’t be unique in any non-trivial context.
This still has all eight bytes, from the generated UUID, and looks like it can be converted back into a UUID.
edit: It seems the shakespearean uuids are longer than uuids so I may be conpletely wrong
UUID = --> universally unique <-- identifier
Why reduce the entropy just to make it look pretty ?
As for the people who say oh, but I can't remember/recognise "e0e93156-c68b-493d-bf31-19048db7dd9e"...
Well sure, but git invented that wheel before you. Just use the last 11 characters for local discussions/notes/whatever.
Finally, what about people who are non-native/fluent in English ?
"e0e93156-c68b-493d-bf31-19048db7dd9e" flows accross borders and languages
"Romeo Romeo Where For Art Thou Romeo" could easily be meaningless gibberish for a non-native/fluent English speaker, and also opens up totally un-necessary issues of pronunciation and spelling.
There is also the possibility certain words might mean something different in another language. Such as the famous Colgate in Spanish which means "go hang yourself" !
You assume a loss of entropy, why? The usage section describes a way to get a "readable UUID" by passing an existing, regular UUID. The reverse operation doesn't seem to be implemented yet though.
But man, the way you asked it. Assumed it was not possible even after the author replies saying they can mathematically prove it.
Why ask the question if you're just going to stick your head in the ground?
Downvoted.
For human-id I just went with groups of the 100 most common adjetives, nouns and verbs combined together in roughly the order they would appear in a sentence.
The output is nonsenese, of course, but I hope the combination of words understandable to anyone with a basic knowlegde of English might help.
1. https://github.com/orf/human_id
I personally don't think the gramatically correct sentence helps here. To me,
"may-hold-come-foreign-low-white-cold-team-point-study-others-home-service-body-child"
and
"Cathleen d Dieball the Monolith of Alderson reflects Arly Arnie Keenan and 18 large ants"
Are equally poor representations of a UUID. Typically "human IDs" are useful for quick recognition or transferring over "voice" which neither of these approaches work well with (I'm biased, but IMO the first one is better for transferring over voice due to simpler words).
Human IDs shine when you have a comparitively tiny set of "things", like nodes in a cluster or Docker containers, and humans are heavily involved with accessing them. In this case a UUID is overkill but you want the UUID like gaurantees of universal uniqueness combined with more human recognizable identifiers.
An ID like "appear-hard-idea-case" is good because it nets you a high number of unique names but is also short enough to remember and speak aloud with a high probability that someone listening to you can type it out, word for word, with no issue.
tl;dr - never be in a position to need to have to "speak" or memorize a UUID.
From the page:
> Jacquette Brandtr Johm the Pectus of Barnsdall doubted Glenn Gay Gregg and 12 noisy stoats
As a non-native English speaker Brandtr doesn't look like an English word, Johm looks like a typo, Jacquette looks French (and contains a cluster of four letters for a single k sound) and I wasn't sure what a stoat was (my first guess was a type of goat).
I definitely find orf's version a lot more practical.
A stoat is one of these: https://en.wikipedia.org/wiki/Stoat
I just tried one now, it gave me "Kerianne Granny Dorise the Pulchritude of Belknap preserved Anissa Gareth Elery and 26 dead bees"
What are the chances of someone spelling "Pulchritude" correctly ? Especially a non-native/non-fluent person ?
And will an American spell "Dorise" as "Dorize" if you're telling them that word on the phone ?
And the case-sensitivity of the whole thing ?
Just give me old fashioned UUID's any way of the week ! Case-insensitive and no concerns about spelling.
I'd pronounce it as "Doris", maybe adding "-with-an-e" but a French person would pronounce it "Dohreeze" according to the internets.
Dunno if that would make an American lean toward "Dorise" rather than "Dorize" though.
Now that I know it means "to become Doric in manner or style", I do not know how I could have missed this obvious meaning :)
Depends very much on whether they studied Latin.
I think a lot of people would see "Dorise" in the abpve phrase and write "Doris".
if the UUID can be set arbitrarily then that's just another label.
That's pretty hilarious
This is what happens when engineers try to be playful.
I can see how it might speed up writing say, SQL queries if you don't have to look up the UUID but not sure that this warrants the effort of committing this to memory.
For each UUID I 1) truncated it, 2) gave it a background colour based on the UUID itself, and 3) prefixed it with an icon for the object type.
The overall effect was actually pretty good. One could easily scan the list for the same UUIDs based on the colour, and the icon added clarity as to what was being referred to
For example, instead of invoice #306889086579, use an ID like R2020-06-14951.
Them being guessable shouldn't be an issue if you have proper access controls.
...which means that not being random opens you up to potential bugs and security issues...
I think I changed my own mind while typing this and I agree with you.
One of the benefits of UUIDs is that you don't have to check for duplicate IDs since the chance of generating the same UUID twice is effectively 0. If you use a system with less randomness then you do have to implement a duplicate check. Which isn't practical when you're working at large scale.
It's not memorizing them that's the goal. It's communicating them to another person.
IPFS and some of its predecessors have had to struggle with this problem. If you want an identifier that relates to the contents of the file, then you have an identifier that can't be transcribed easily.
The problem is though that the density doesn't go up very fast with additional words. Another poster pointed to his solution that only involves 300 words, and to represent a UUID takes 15 words.
If you made the dictionary 600 words it still takes 14 words to represent a UUID. :/
[0] https://uuid.rocks/
It's built on Cloudflare Workers so it scales fine and doesn't cost me anything since I use Workers for other projects anyway.
Maybe your tool is different from the one installed on my machine because when I use the `-r` option I just get garbage back. This leads me to believe it's returning the uuid as raw bytes when I pass that option.
[1] https://en.wikipedia.org/wiki/Universally_unique_identifier#...This is considered shakespearean? Cool idea, but i think the implementation needs some work.
Is it, though?
Plenty of folks memorise 16-digit credit card numbers - I've known retail employees who can recite those back after reading them just once.
Back when I was a sysadmin, I taught myself to type 25-digit Windows product keys from memory.
32 digits doesn't seem an unreasonable stretch, given time and practice.
Someone memorized 70,000 digits of pi: https://www.guinnessworldrecords.com/world-records/most-pi-p...
If you use a combined uuid (partially random, partially by date-time), it could be easier to remember 2020-07-15-ch99izy332 or similar... then you can take the date portion which is easier to segment (for some) and a shorter string of the subset of characters used for VIN or similar... all lowercase, and making 1 and l the same as well as 0/O, 5/S, and a few others.
Just some thoughts on this. For that matter, you could use emoji for some of those glyphs.
[1] https://en.wikipedia.org/wiki/PGP_word_list
A slightly different take on the same sort of problem.
Algorithm wizards, can I get error correction if I dedicate a character for that?