4

GUIDs are typically used for uniquely identifying all kinds of entities - requests from external systems, files, whatever. They work like magic - you call a "GiveMeGuid()" (UuidCreate() on Windows) function - and a fresh new GUID is here at your service.

Given my code really calls that "GiveMeGuid()" function each time I need a new GUID, is there any not so obvious way to misuse it?

sharptooth
  • Everything works. Or is there a problem you want to solve? – Tobu Dec 15 '09 at 13:40
  • you're not gonna run out of GUIDs any time soon =) – David Hedlund Dec 15 '09 at 13:40
  • What do you mean by "misuse"? A Guid is just a value, you can use it in whatever way you want, just like any other value. The function you're calling just does certain calculations that (almost) guarantee the value is unique, I don't think it can be abused. – Rory Dec 15 '09 at 13:41
  • @Tobu: I really look for things to watch for in my application design. Something like we assign a new GUID to each new request. May it be that if requests come too often and there's some resource shortage and the moonphase is wrong we get duplicates? Something like that, but of course with normal reasoning. – sharptooth Dec 15 '09 at 13:43
  • There may be bad GUID generators, but once you have a good one, your GUIDs are global and unique, and I don't see how to misuse that. – Tobu Dec 15 '09 at 14:01
  • @Tobu: there can be no "guarantees" at this scale: you would need to have a global brokering system. You can only have "probabilistic guarantees". – jldupont Dec 15 '09 at 14:09

5 Answers

4

Just found an answer to an old question: How deterministic Are .Net GUIDs?. Requoting it:

It's not a complete answer, but I can tell you that the 13th hex digit is always 4 because it denotes the version of the algorithm used to generate the GUID (id est, v4); also, and I quote Wikipedia:

Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given the initial state one can predict up to the next 250 000 GUIDs returned by the function UuidCreate. This is why GUIDs should not be used in cryptography, e.g., as random keys.

So, if you got lucky and got the same seed, you'll break 250k mirrors in sequence. To quote another Wikipedia piece:

While each generated GUID is not guaranteed to be unique, the total number of unique keys (2^128 or 3.4×10^38) is so large that the probability of the same number being generated twice is extremely small.

Bottom line: maybe a form of misuse is to consider GUIDs always unique.

Rubens Farias
  • That Wikipedia claim turned out to be false: you can only make these predictions with access to the full internal state of the generator, not from a list of GUIDs. – Steven Sudit May 19 '10 at 21:56
2

It depends. Some implementations of GUID generation are time-dependent, so calling CreateGuid in quick succession MAY create clashing GUIDs.

edit: I now remember the problem. I was once working on some PHP code where the GUID generating function was reseeding the RNG with the system time each call. Don't do this.

DanDan
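The failure described in the answer above, as an added example that is not part of the original post. It is written in Python rather than PHP; the function names, the timestamp and the request rate are constructed for illustration.

```python
import random
import uuid

def guid_reseeded(now_seconds: int) -> uuid.UUID:
    """Flawed pattern: reseed the PRNG from the clock on every call."""
    rng = random.Random(now_seconds)   # seed has 1-second resolution
    # Same second -> same seed -> same 128 bits -> same GUID.
    return uuid.UUID(int=rng.getrandbits(128), version=4)

def guid_os_random() -> uuid.UUID:
    """Corrected form: uuid4() reads os.urandom(); no per-call seeding."""
    return uuid.uuid4()

def simulate_burst(calls: int, start: int, calls_per_second: int) -> list:
    """Constructed workload: requests arriving at a fixed rate."""
    return [guid_reseeded(start + i // calls_per_second) for i in range(calls)]

def count_duplicates(guids) -> int:
    guids = list(guids)
    return len(guids) - len(set(guids))

if __name__ == "__main__":
    START = 1_260_884_400  # constructed timestamp, not from the page
    flawed = simulate_burst(1000, START, 250)
    fixed = [guid_os_random() for _ in range(1000)]
    print("reseeded per call:", count_duplicates(flawed), "duplicates")
    print("OS randomness:    ", count_duplicates(fixed), "duplicates")
```

Every value the flawed generator returns still looks like a well-formed version 4 GUID, so format checks will not catch the problem; only a uniqueness check over a burst of calls does.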
1

The only way I can see of misusing a Guid is trying to interpret the value in some logical manner. Not that it really invites you to do so, which is one of the characteristics around Guids that I really like.

Fredrik Mörk
1

Maybe the entropy could be manipulated by playing with some parameters used to generate the GUIDs in the first place (e.g. interface identifiers).

jldupont
1

Some GUIDs include some identifier of the machine they were generated on, so they can be used in client/server environments, but some can't. If yours doesn't, be sure not to use them in, for instance, a database that multiple clients access.

dj_segfault