17

I have searched multiple resources online, but so far have been unable to find a definitive answer to the question of whether Microsoft's GUID generation mechanism is secure enough to warrant it's use as a unique ID across an application.

To clarify, by 'secure enough', I mean to ask whether the algorithm used to generate the GUID has any known weaknesses or vulnerability that could reduce the effective randomness of the GUID i.e. result in a non-negligible number of collisions. If no, does this mean the GUID is completely unguessable, and if yes, is there some way to seed the GUID generator function to effectively increase the randomness of the generated GUID.

Based on the information specified in MSDN guide here (http://msdn.microsoft.com/en-us/library/system.guid.aspx) is there any indication that the system used to generate the GUID can be relied upon to be sufficiently random.

Thanks!

pnuts
  • 58,317
  • 11
  • 87
  • 139
raTM
  • 399
  • 1
  • 4
  • 16

2 Answers2

23

I'm going to disagree with the accepted answer. While it's generally a bad idea to go against the advice of an RFC, in this case I was able to find MSDN documentation specifying that Microsoft indeed took the obvious, helpful route and tied a cryptographically-secure RNG into the generation of v4 GUIDs:

According to https://msdn.microsoft.com/en-us/library/system.guid.newguid(v=vs.110).aspx, .NET's GUID creation just wraps the Windows functions CoCreateGuid and UuidCreate. And according to http://download.microsoft.com/download/5/0/1/501ED102-E53F-4CE0-AA6B-B0F93629DDC6/Windows/%5BMS-WSO%5D.pdf, since Windows 2000 back in 1999,

"the random bits for all version 4 GUIDs built in Windows are obtained via the Windows CryptGenRandom cryptographic API or the equivalent, the same source that is used for generation of cryptographic keys"

So I'd say you could call them cryptographically secure -- at least to the extent of the 122 bits of entropy they provide.

Jordan Rieger
  • 3,025
  • 3
  • 30
  • 50
  • 1
    This answer has become inaccurate in the new .Net core days. Whilst that may be the implementation on Windows, on Unix, the underlying calls are to `SystemNative_GetNonCryptographicallySecureRandomBytes`. – James_pic Apr 24 '20 at 09:30
  • @James_pic Interesting, do you have a source for that? – Jordan Rieger Apr 24 '20 at 16:26
  • 3
    https://github.com/dotnet/runtime/blob/b24e9cd0996c688fd627fc1698986097e54103cd/src/libraries/System.Private.CoreLib/src/System/Guid.Unix.cs#L13 calls https://github.com/dotnet/runtime/blob/b24e9cd0996c688fd627fc1698986097e54103cd/src/libraries/Common/src/Interop/Unix/System.Native/Interop.GetRandomBytes.cs#L15 - although interestingly, despite the name, it appears that the implementation of SystemNative_GetNonCryptographicallySecureRandomBytes actually uses either /dev/urandom or RC4 - the former of which is generally secure, and the latter of which is only a bit insecure. – James_pic Apr 24 '20 at 17:01
  • 2
    The second link no longer works, here is the archive document from Microsoft: http://download.microsoft.com/download/5/0/1/501ED102-E53F-4CE0-AA6B-B0F93629DDC6/Windows/%5BMS-WSO%5D.pdf – Adam Oakley Oct 13 '20 at 18:20
  • @AdamOakley thanks, I've updated the answer with that. – Jordan Rieger Oct 13 '20 at 21:40
  • 1
    It looks like the documentation [guarantees](https://learn.microsoft.com/en-us/dotnet/api/system.guid.newguid?view=net-6.0#:~:text=On%20Windows%2C%20this%20function%20wraps%20a,generate%20122%20bits%20of%20strong%20entropy.) 122 bits of strong entropy on all platforms starting with .NET 6. – J. Bierema Jul 07 '23 at 21:44
16

No. The goal of the Guid is to be unique, but cryptographically secure implies that it is unpredictable. These goals sometimes, but not always, align.

If you want cryptographically secure, then you should use something like RNGCryptoServiceProvider

See also:

The key point in both the above links is that Microsoft's Guid is an implementation of UUID, and the UUID spec indicates that they should not be used as security tokens:

Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation.

Community
  • 1
  • 1
explunit
  • 18,967
  • 6
  • 69
  • 94
  • Thanks @explunit. I had read the two links you posted (they showed up as suggested duplicates when I was typing out this question). – raTM Jul 02 '13 at 20:07
  • 1
    That said, it happens that some implementations, including in Python, Java, and Ruby, DO generate cryptographically secure guids. See https://news.ycombinator.com/item?id=10631806 – Elroy Flynn Nov 01 '17 at 15:08