{"id":7553,"date":"2012-05-23T07:00:00","date_gmt":"2012-05-23T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2012\/05\/23\/guids-are-designed-to-be-unique-not-random\/"},"modified":"2012-05-23T07:00:00","modified_gmt":"2012-05-23T07:00:00","slug":"guids-are-designed-to-be-unique-not-random","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20120523-00\/?p=7553","title":{"rendered":"GUIDs are designed to be unique, not random"},"content":{"rendered":"<p>A customer liaison asked, &#8220;My customer is looking for information on the GUID generation algorithm. They need to select <i>N<\/i>&nbsp;items randomly from a pool of&nbsp;<i>M<\/i> (jury selection), and their proposed algorithm is to assign each item a GUID, then sort the items by GUID and take the first&nbsp;<i>N<\/i>.&#8221; (I&#8217;ve seen similar questions regarding using GUIDs for things like passwords or other situations where the programmer is looking for a way to generate a value that cannot be predicted.)\n The GUID generation algorithm was designed for uniqueness. It was not designed for randomness or for unpredictability. Indeed, if you look at <a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2008\/06\/27\/8659071.aspx\"> an earlier discussion<\/a>, you can see that so-called Algorithm&nbsp;1 is <i>non-random<\/i> and <i>totally predictable<\/i>. If you use an Algorithm&nbsp;1 GUID generator to assign GUIDs to candidates, you&#8217;ll find that the GUIDs are assigned in numerically ascending order (because the timestamp increases). The customer&#8217;s proposed algorithm would most likely end up choosing for jury duty the first&nbsp;<i>N<\/i> people entered into the system after a 32-bit timer rollover. Definitely not random.\n Similarly, the person who wanted to use a GUID for password generation would find that the passwords are <i>totally predictable<\/i> if you know what time the GUID was generated and which computer generated the GUID (which you can get by looking at the final six bytes from some other password-GUID). Totally-predictable passwords are probably not a good idea.\n Even the Version&nbsp;4 GUID algorithm (which basically says &#8220;set the version to 4 and fill everything else with random or pseudo-random numbers&#8221;) is not guaranteed to be unpredictable, because the algorithm does not specify the quality of the random number generator. <a href=\"http:\/\/en.wikipedia.org\/wiki\/Globally_unique_identifier\"> The Wikipedia article for GUID contains primary research which suggests<\/a> that future and previous GUIDs can be predicted based on knowledge of the random number generator state, since the generator is not cryptographically strong.\n If you want a random number generator, then <i>use a random number generator<\/i>.<\/p>\n<p> <b>Bonus reading<\/b>: Eric Lippert&#8217;s GUID Guide, <a href=\"http:\/\/blogs.msdn.com\/b\/ericlippert\/archive\/2012\/04\/24\/guid-guide-part-one.aspx\"> part 1<\/a>, <a href=\"http:\/\/blogs.msdn.com\/b\/ericlippert\/archive\/2012\/04\/30\/guid-guide-part-two.aspx\"> part 2<\/a>, and <a href=\"http:\/\/blogs.msdn.com\/b\/ericlippert\/archive\/2012\/05\/07\/guid-guide-part-three.aspx\"> part 3<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A customer liaison asked, &#8220;My customer is looking for information on the GUID generation algorithm. They need to select N&nbsp;items randomly from a pool of&nbsp;M (jury selection), and their proposed algorithm is to assign each item a GUID, then sort the items by GUID and take the first&nbsp;N.&#8221; (I&#8217;ve seen similar questions regarding using GUIDs [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-7553","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>A customer liaison asked, &#8220;My customer is looking for information on the GUID generation algorithm. They need to select N&nbsp;items randomly from a pool of&nbsp;M (jury selection), and their proposed algorithm is to assign each item a GUID, then sort the items by GUID and take the first&nbsp;N.&#8221; (I&#8217;ve seen similar questions regarding using GUIDs [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/7553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=7553"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/7553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=7553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=7553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=7553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}