The documentation for OPVault claims that:
each item is associated with a universally unique identifier, the UUID. These are 128-bit numbers that are chosen as RFC 4122 Version 4 UUIDs
and that 1Password uses OPVault in CloudKit records:
The OPVault security design is not limited to the OPVault file format. Indeed, we use the OPVault design within SQLite data records and CloudKit records.
The 1Password UUID format doesn't quite look like an RFC 4122 UUID. They're a bunch of 26-character strings, but I can't quite seem to translate them to a proper UUID.
it fits the base32 alphabet of RFC 4648, but yields malformed UUIDs when padded out.
Are these actually RFC 4122 UUIDs? If so, what encoding scheme are they using here?
more to the point, I'm wondering if the UUIDs leak any information. The docs for 1Password's OPVault UUIDs claim that
Because each UUID is chosen at random, it contains no information about the content of an item. These UUIDs reveal no information about the creators system other that than the fact that they are RFC 4122 Version 4 UUIDs. When a user modified information in an item the UUID remains the same, although the time stamp associated with it will change.
but I'm not sure this is still true of the new (?) format.
1Password Version: 7.2.5
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1password.com