Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can guids be trusted for security, or are they predictable if the system can be forced to generate many known guids?

To start, and define guid, i am using a .net framework Guid This is somewhat a hypothetical situation Users when preforming a specific action have guids generated. Each user can see their own guids. If a user was to know one of another user's guid there would be a security compromise.

How safe is this system if we asume that a user has no way to steal another user's guid and can only guess it?

I understand that blindly guessing guids is impossible. Even if they had a million success values, they would still have only a 10^20 chance of a successful guess

Where i am afraid a problem may exist is guid prediction. Can a user generate a large number of requests, look at the guids he got, and knowing the .net guid generation formula greatly improve his odds of guessing? Can these odds be reduced to a point where they would be a security concern? In that case how should keys be generated in a unique non guessable way?

I ask anyone who mentions the odds of guesses/collisions to add some hard meaning to it. Either an exact number to define odds, or something like, "it can be used to store account data, but not sensitive data"

EDIT

this question seems to go well into the territory I originally sought to explore with this question Is a GUID a good key for (temporary) encryption?

like image 432
Andrey Avatar asked Jan 25 '11 21:01

Andrey


People also ask

Can GUIDs be guessed?

GUIDs are guaranteed to be unique and that's about it. Not guaranteed to be be random or difficult to guess.

Are GUIDs secure?

Discussion. The random GUIDs you create with the Guid. NewGuid method are not known to be cryptographically secure. Thus, it's theoretically possible for a user to predict a GUID value that you generate for another user or task and use this to exploit weaknesses in your system.

Is a GUID enough security?

GUIDs are designed for uniqueness, not for security. For example, we saw that substrings of GUIDs are not unique. For example, in the classic v1 algorithm, the first part of the GUID is a timestamp.

How do GUIDs get generated?

A GUID (globally unique identifier) is a 128-bit text string that represents an identification (ID). Organizations generate GUIDs when a unique reference number is needed to identify information on a computer or network. A GUID can be used to ID hardware, software, accounts, documents and other items.


2 Answers

GUID's/UUID's are intended to generate 128 bit numbers for use primarily as ID's that are unique (for all intents and purposes).

UUID's are not designed to generate cryptographically strong random number sequences, and if you want maximum un-predictability, then cryptographically strong random number sequences are exactly what you want. For this, .NET provides you with the RNGCryptoServiceProvider - designed from the ground up to be as unpredictable as can be reasonably achieved by algorithmic means, so why not use it?

Example:

byte[] GenerateRandomBytes()
{
   byte[] key = new byte[16];

    System.Security.Cryptography.RNGCryptoServiceProvider c =
        new System.Security.Cryptography.RNGCryptoServiceProvider();

    c.GetBytes(key);

    return key;
}
like image 107
saille Avatar answered Nov 12 '22 16:11

saille


Afaik .net generates Version 4 UUIDs as Guids by default. These are random and hard to guess if properly implemented. But since future versions might use another implementation I wouldn't rely on that. I think even earlier versions of windows or .net used Guids based on the Mac-Address which are easier to guess.

So I'd just use one of the crypto-pseudo-random-number-generators built into .net instead. If you generate 16 bytes you have a drop-in replacement for a Guid.

like image 23
CodesInChaos Avatar answered Nov 12 '22 14:11

CodesInChaos