I know this may sounds like a pointless question, but hear me out...
I basically want to know if I can trust the GUID to generate a value which will be unique 100% of the time and impossible to predict.
I'm basically rolling my on login system for a website and want to know if the GUID is secure enough for session cookies.
Any background on how the GUID is generated would be much appreciated in evaluating the answers.
Thanks for the links to duplicate questions, however, my question is specific to the .Net framework.
How unique is a GUID? 128-bits is big enough and the generation algorithm is unique enough that if 1,000,000,000 GUIDs per second were generated for 1 year the probability of a duplicate would be only 50%. Or if every human on Earth generated 600,000,000 GUIDs there would only be a 50% probability of a duplicate.
Definitely not random. Similarly, the person who wanted to use a GUID for password generation would find that the passwords are totally predictable if you know what time the GUID was generated and which computer generated the GUID (which you can get by looking at the final six bytes from some other password-GUID).
Multiple threads allocating new guids will get unique values, but you should get that the function you are calling is thread safe.
Guid. NewGuid() creates an empty Guid object, initializes it by calling CoCreateGuid and returns the object.
Here's an excellent breakdown by Raymond Chen
No fixed-length value can ever guarantee to be 100% unique (just call it enough times, give or take the universe ending ;-p) - but it can be very, very, very unlikely to duplicate.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With