How Random is System.Guid.NewGuid()? (Take two)

 

Before you start marking this as a duplicate, read me out. The other question has a (most likely) incorrect accepted answer.

I do not know how .NET generates its GUIDs, probably only Microsoft does, but there's a high chance it simply calls CoCreateGuid(). That function however is documented to be calling UuidCreate(). And the algorithms for creating an UUID are pretty well documented.

Long story short, be as it may, it seems that System.Guid.NewGuid() indeed uses version 4 UUID generation algorithm, because all the GUIDs it generates matches the criteria (see for yourself, I tried a couple million GUIDs, they all matched).

In other words, these GUIDs are almost random, except for a few known bits.

This then again raises the question - how random IS this random? As every good little programmer knows, a pseudo-random number algorithm is only as random as its seed (aka entropy). So what is the seed for UuidCreate() ? How ofter is the PRNG re-seeded? Is it cryptographically strong, or can I expect the same GUIDs to start pouring out if two computers accidentally call System.Guid.NewGuid() at the same time? And can the state of the PRNG be guessed if sufficiently many sequentially generated GUIDs are gathered?

Added: To clarify, I'd like to find out how random can I trust it to be and thus - where can I use it. So, let's establish a rough "randomness" scale here:

  • Basic randomness, taking current time as the seed. Usable for shuffling cards in Solitaire but little else as collisions are too easy to come by even without trying.
  • More advanced randomness, using not only the time but other machine-specific factors for seed. Perhaps also seeded only once on system startup. This can be used for generating IDs in a DB because duplicates are unlikely. Still, it's not good for security because the results can be predicted with sufficient effort.
  • Cryptograhpically random, using device noise or other advanced sources of randomness for seed. Re-seeded on every invocation or at least pretty often. Can be used for session IDs, handed out to untrusted parties, etc.

    • I arrived at this question while thinking if it would be OK to use them as DB IDs, and whether the Guid.comb algorithm implementation together with System.Guid.NewGuid() (like NHibernate does it) would be flawed or not.

    The accepted answer to a related question states:

    A GUID doesn't make guarantees about randomness, it makes guarantees around uniqueness. If you want randomness, use Random to generate a string.

    Anything else is an implementation detail (and might change).

    Update: To make my point clearer: Even if the current .NET 3.5 implementation produced a truly random guid (which is not the case) there is no guarantee that this would be the case in the future or true for other implementations of the BCL (eg Mono, Silverlight, CF, etc)

    Update 2: The format of UUID is specified by RFC4122 . Section 6 makes an explicit statement on security:

    Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation.

    Some people have already hinted at that but I want to repeat it since there appears to be a misconception there:

    Randomness and uniqueness are orthogonal concepts.

    Random data can be unique or redundant, and likewise unique data can use a random source or a deterministic source (think a global counter that is locked and incremented for every GUID ever created).

    GUIDs were designed to be unique, not random. If the .NET generator appears to use random input, fine. But don't rely on it as a source of randomness, neither for cryptographical nor for any other purposes (in particular, what distribution function do you expect to get?). On the other hand, you can be reasonably sure that GUIDs created by .NET, even in large volumes, will be unique.

    The definition of Random in no way relates to the definition of Globally Unique.

    Flipping a coin twice and getting HH, HT, TH, TT are all random. HH is just as random as HT.

    Flipping a "special" coin twice and guaranteeing that you will only get HT or TH is uniqueness.

    链接地址: http://www.djcxy.com/p/17714.html

    上一篇: 随机串生成器返回相同的字符串

    下一篇: 随机是如何System.Guid.NewGuid()? (拿两个)