Pros:
Cons:
In particular, what about passwords that computers enter, like database logins on some setups?
For example, one person wondered whether it was okay to use the first eight characters of a GUID as a temporary account password. This is a really bad idea. GUIDs are designed for uniqueness, not for security.
So as long as nobody knows that you use a GUID, the password is harder to crack. Once the attacker knows that he is seeking a GUID, the effort needed for a brute force attack reduces. From that point of view, it is security by obscurity.
GUIDs are guaranteed to be unique and that's about it. Not guaranteed to be random or difficult to guess.
Definitely not random. Similarly, the person who wanted to use a GUID for password generation would find that the passwords are totally predictable if you know what time the GUID was generated and which computer generated the GUID (which you can get by looking at the final six bytes from some other password-GUID).
One major con is that you don't necessarily have "128 bits of entropy" as stated in the original question.
Many GUID algorithms have information embedded in them in predictable patterns, for example the MAC address of the computer, the date/time, or an incrementing sequence. Cryptanalysis of the WinAPI GUID has shown that, given the initial state, one can predict up to the next 250,000 GUIDs returned by the function UuidCreate.
For example, I have about a 50% chance of guessing the first digit in the first position of the third group of digits since it will be either 1 (for V1 GUIDs) or 4 (for V4 GUIDs).
Source: http://en.wikipedia.org/wiki/Globally_Unique_Identifier
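The field layout the answers above refer to, as an added example that is not part of the original answers: it decodes what a version 1 GUID discloses (creation time, node in the final six bytes, version digit) and shows that the first eight characters are only the low bits of the timestamp. The helper names `make_v1`, `inspect_guid` and `time_low_delta` are hypothetical, and the node and timestamp are constructed sample values.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns ticks since the Gregorian reform date.
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def make_v1(dt, node, clock_seq=0):
    """Build a version 1 GUID from chosen fields (constructed sample data)."""
    t = (dt - UUID_EPOCH) // timedelta(microseconds=1) * 10
    return uuid.UUID(fields=(
        t & 0xFFFFFFFF,                        # time_low: first 8 hex chars
        (t >> 32) & 0xFFFF,                    # time_mid
        ((t >> 48) & 0x0FFF) | 0x1000,         # time_hi with version nibble 1
        ((clock_seq >> 8) & 0x3F) | 0x80,      # clock_seq_hi with RFC 4122 variant
        clock_seq & 0xFF,                      # clock_seq_low
        node,                                  # last 12 hex chars
    ))

def inspect_guid(text):
    """Return the fields a GUID discloses and an upper bound on its random bits."""
    u = uuid.UUID(text)
    info = {"version": u.version, "version_char": str(u)[14]}
    if u.version == 1:
        info["created"] = UUID_EPOCH + timedelta(microseconds=u.time // 10)
        info["node"] = "%012x" % u.node
        # Only the 14-bit clock sequence can be random when node is a MAC.
        info["max_random_bits"] = 14
    elif u.version == 4:
        # 128 bits minus 4 version bits and 2 variant bits.
        info["max_random_bits"] = 122
    else:
        info["max_random_bits"] = None  # other versions not analysed here
    return info

def time_low_delta(a, b):
    """Difference between the first 8 hex characters of two GUIDs, mod 2**32."""
    return (int(str(b)[:8], 16) - int(str(a)[:8], 16)) % 2**32

if __name__ == "__main__":
    node = 0x02AABBCCDDEE  # constructed, locally administered address
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    a, b = make_v1(t0, node), make_v1(t0 + timedelta(seconds=1), node)
    for g in (a, b, uuid.uuid4()):
        print(g, inspect_guid(str(g)))
    print("first-8-chars delta for 1 second:", time_low_delta(a, b))
```

Even for a version 4 GUID, eight hex characters carry at most 32 bits, so a password generator should draw from a CSPRNG such as Python's `secrets` module instead.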
Cons:
So unless they're system passwords which change rarely, I doubt they are good passwords.