19

I'm generating an encryption key to encrypt some sensitive data with the Rijndael (AES) encryption algorithm. I'm using a GUID as key generator. Are these keys "strong" enough?

Note: it is only sensitive for 20 minutes.

Kees C. Bakker
  • Reminds me of this: http://blogs.msdn.com/b/oldnewthing/archive/2004/02/11/71307.aspx. On a serious note, you may wish to generate keys using a tool that has a less predictable pattern and format. – jamiecon Jun 07 '11 at 15:25
  • You might want to take a look at http://stackoverflow.com/questions/643445/how-easily-can-you-guess-a-guid-that-might-be-generated – Zruty Jun 07 '11 at 15:27
  • 5
    The only thing in common between Raymond's blog post and this question is the fact that they both talk about GUIDs... – Cody Gray - on strike Jun 07 '11 at 15:27
  • Yeah it was weak, I'll admit. I just love the idea of being able to claim a hammer is a legitimate programming tool. If he does decide to use GUIDs for keys, perhaps he should periodically destroy the NIC in the server he's using to generate them :-) – jamiecon Jun 07 '11 at 15:38
  • 1
    @Jamie: GUIDs are no longer based on MAC addresses, and haven't been for quite a long time. Conspiracy theorists thought that was a way for Big Brother to track them. – Cody Gray - on strike Jun 07 '11 at 15:40
  • Well, now I just look foolish for two reasons. Ahh well! – jamiecon Jun 07 '11 at 15:50
  • 1
    @Jamie: Haha, sorry about that! Wasn't my intention. Respect for reading Raymond's blog, though. I too take every opportunity to link to it. If more developers read it, we'd really be a lot better off. Some things (like that particular post) are of historical interest only. But other things have practical, real-world application and should be taken to heart by anyone who does Win32 programming. – Cody Gray - on strike Jun 07 '11 at 15:53
  • "GUIDs are no longer based on MAC addresses" - mostly true, but Windows still has the UuidCreateSequential API that does use MAC addresses: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379322(v=vs.85).aspx – Joe Jan 11 '12 at 08:37

4 Answers

21

No. The GUID keys can be predicted, at least those generated by .NET / WinAPI. Also keep in mind that the GUID does not even have a true 128-bit randomness, because the version number is fixed. This gives you a very weak key in the first place.

To make matters worse, several versions of the GUID algorithm suffer from predictability. The point is that GUIDs are not created at random, but they follow certain rules to make it practically impossible for GUIDs to collide.

As discussed in the comments, GUID V1 suffered from privacy issues (or, the other way around, weaker keys) because the MAC address was used to generate them. With GUID V4, there are still ways to predict the sequence according to the (Russian) source below.

Fortunately, .NET has cryptographically strong random generators on board. The RNGCryptoServiceProvider is your friend:

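```csharp
using System.Security.Cryptography;

// Fill a buffer with bytes from the OS cryptographic random number generator.
RNGCryptoServiceProvider _cryptoProvider = new RNGCryptoServiceProvider();
int fileLength = 8 * 1024;
var randomBytes = new byte[fileLength];
_cryptoProvider.GetBytes(randomBytes);
```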

You might want to refer to:

How can I generate a cryptographically secure pseudorandom number in C#? -- shows alternatives and in a comment, the link to Wikipedia is given:

http://en.wikipedia.org/wiki/Globally_Unique_Identifier

In there, it is claimed (according to Wikipedia, the page is in Russian) that one can predict previous and future numbers generated:

http://www.gotdotnet.ru/blogs/denish/1965/

mnemosyn
  • 1
    The "can be predicted" bogeyman was put to bed years ago. GUIDs are a safe random number – Neil N Jun 07 '11 at 15:26
  • 1
    @Neil That depends on how they're generated, though. Some algorithms do use machine information which, if you know, you'll at least make a brute force attack go quicker. – Paul Jun 07 '11 at 15:27
  • 1
    Links are there now - the actual source is in Russian, and cryptography is not an easy beast. But since the algorithm must satisfy a number of constraints, it sounds reasonable that it is not crypto strong. – mnemosyn Jun 07 '11 at 15:29
  • @Paul: that's the "years ago" part I was referring to. – Neil N Jun 07 '11 at 15:31
  • 2
    @Neil: I edited my answer. The years ago part is GUID V1, but the problem persists because GUIDs aren't meant to be random in the first place, so they must know their previous state to prevent from collisions. So GUID V4 is still predictable (albeit not easily). – mnemosyn Jun 07 '11 at 15:42
  • @mnemosyn thanks for the explanation and thanks for providing an alternative! – Kees C. Bakker Jun 08 '11 at 07:22
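
An added example, not code from any of the answers on this page: it samples Guid.NewGuid() to count the bits that never change (the fixed version number the answer above mentions), then takes an AES key and IV from the OS CSPRNG in System.Security.Cryptography. KeyDemo, CountConstantBits and the sample plaintext are names and data made up for this illustration, and it assumes Guid.NewGuid() returns version 4 GUIDs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Illustrative names; assumes Guid.NewGuid() produces version 4 GUIDs.
static class KeyDemo
{
    // Counts the bit positions that held the same value in every sampled GUID.
    static int CountConstantBits(int samples)
    {
        byte[] first = Guid.NewGuid().ToByteArray();
        byte[] varying = new byte[16];            // a set bit means "differed at least once"
        for (int i = 1; i < samples; i++)
        {
            byte[] g = Guid.NewGuid().ToByteArray();
            for (int b = 0; b < 16; b++)
                varying[b] |= (byte)(g[b] ^ first[b]);
        }
        int constant = 0;
        foreach (byte v in varying)
            for (int bit = 0; bit < 8; bit++)
                if ((v & (1 << bit)) == 0) constant++;
        return constant;
    }

    static void Main()
    {
        // The version and variant bits are fixed, so fewer than 128 bits can vary.
        Console.WriteLine("Constant bits across 10000 GUIDs: " + CountConstantBits(10000));

        byte[] key = new byte[32];                // 256-bit AES key
        byte[] iv = new byte[16];                 // one AES block
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);                    // every bit comes from the CSPRNG
            rng.GetBytes(iv);
        }
        using (var aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = iv;
            byte[] plain = Encoding.UTF8.GetBytes("constructed sample data");
            using (var enc = aes.CreateEncryptor())
                Console.WriteLine("Ciphertext bytes: "
                    + enc.TransformFinalBlock(plain, 0, plain.Length).Length);
        }
    }
}
```
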
18

No, GUIDs are not cryptographically secure. They follow an extremely predictable and well-documented pattern, and they're fairly short as far as truly secure keys go. But more to the point, you're misusing GUIDs by doing this. This is not what they were designed for. They're globally unique identifiers. The only guarantee you get is that each of them is unique. A sophisticated hacker will make child's play of reverse engineering a GUID.

Use the functions provided by the System.Security.Cryptography namespace, instead. That's what they're designed for. Read up on cryptographically secure pseudo-random number generators.

Cody Gray - on strike
  • Correct. The GUID only represents 128 bits of *information*, regardless of the string or numerical storage format. A good key should be longer than that. – Jason Kleban Jun 07 '11 at 15:34
  • +1 for the fact that GUID have a specific unicity purpose. However, I don't think it's "child's play" with V4 guids (and for some more on this http://msdn.microsoft.com/en-us/library/cc246027.aspx) – Simon Mourier Jun 07 '11 at 15:38
  • @Simon: You must not be a "sophisticated" hacker, then. ;-) Perhaps that's an exaggeration, but it's not a particularly relevant one, so I'll let it stand. – Cody Gray - on strike Jun 07 '11 at 15:39
  • 1
    The actual entropy of the GUID is even lower, because at least one byte is reserved (for the version number). – mnemosyn Jun 07 '11 at 15:40
1

I would not use a GUID for the key to encrypt data. Look at some of the implementations of the UUID protocol (UUID): they can be predicted, as they're computed to be unique, not random. I'd look into using the System.Security.Cryptography namespace for objects like "TripleDESCryptoServiceProvider" for sensitive data, personally.

Brandon Moretz
0

Consider using this, or an equivalent random string generator: http://msdn.microsoft.com/en-us/library/aa379942%28VS.85%29.aspx

jamiecon