Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there any drawbacks to relying on the System.Guid.NewGuid() function when looking for unique IDs for data?

Tags:

c#

asp.net-4.0

I'm looking to generate unique ids for identifying some data in my system. I'm using an elaborate system which concatenates some (non unique, relevant) meta-data with System.Guid.NewGuid()s. Are there any drawbacks to this approach, or am I in the clear?

like image 282
blueberryfields Avatar asked Apr 18 '12 20:04

blueberryfields


People also ask

Is GUID NewGuid secure?

The random GUIDs you create with the Guid. NewGuid method are not known to be cryptographically secure. Thus, it's theoretically possible for a user to predict a GUID value that you generate for another user or task and use this to exploit weaknesses in your system.

Is GUID NewGuid unique?

Multiple threads allocating new guids will get unique values, but you should get that the function you are calling is thread safe.

What is GUID NewGuid ()?

This is a convenient static method that you can call to get a new Guid. The method creates a Version 4 Universally Unique Identifier (UUID) as described in RFC 4122, Sec.

What makes a GUID unique?

How unique is unique? A GUID is a unique number that can be used as an identifier for anything in the universe, but unlike ISBN there is no central authority - the uniqueness of a GUID relies on the algorthm that was used to generate it.


1 Answers

I'm looking to generate unique ids for identifying some data in my system.

I'd recommend a GUID then, since they are by definition globally unique identifiers.

I'm using an elaborate system which concatenates some (non unique, relevant) meta-data with System.Guid.NewGuid(). Are there any drawbacks to this approach, or am I in the clear?

Well, since we do not know what you would consider a drawback, it is hard to say. A number of possible drawbacks come to mind:

  • GUIDs are big: 128 bits is a lot of bits.

  • GUIDs are not guaranteed to have any particular distribution; it is perfectly legal for GUIDs to be generated sequentially, and it is perfectly legal for the to be distributed uniformly over their 124 bit space (128 bits minus the four bits that are the version number of course.) This can have serious impacts on database performance if the GUID is being used as a primary key on a database that is indexed into sorted order by the GUID; insertions are much more efficient if the new row always goes at the end. A uniformly distributed GUID will almost never be at the end.

  • Version 4 GUIDs are not necessarily cryptographically random; if GUIDs are generated by a non-crypto-random generator, an attacker could in theory predict what your GUIDs are when given a representative sample of them. An attacker could in theory determine the probability that two GUIDs were generated in the same session. Version one GUIDs are of course barely random at all, and can tell the sophisticated reader when and where they were generated.

  • And so on.

I am planning a series of articles about these and other characteristics of GUIDs in the next couple of weeks; watch my blog for details.

UPDATE: https://ericlippert.com/2012/04/24/guid-guide-part-one/

like image 66
Eric Lippert Avatar answered Sep 20 '22 15:09

Eric Lippert