[Mono-list] For those interested in the Guid class.

Miguel de Icaza miguel@ximian.com
19 Sep 2001 20:40:14 -0400

So it seems like the decent thing to do these days is to use random
data instead of using a computer Mac address (which raises some
privacy issues).

------- Start of forwarded message -------
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-ID:  <BCDB2C3F59F5744EBE37C715D66E779C02902FF6@red-msg-04.redmond.corp.microsoft.com>
Date:         Tue, 18 Sep 2001 19:29:43 -0700
Reply-To: dotnet discussion <DOTNET@DISCUSS.DEVELOP.COM>
From: Brian LaMacchia <bal@MICROSOFT.COM>
Subject:      Re: [DOTNET] Guid.NewGuid()
Content-Transfer-Encoding: 8bit

Hi Bill, 

RNGCryptoServiceProvider is a just wrapper over the cryptographic
pseudorandom number generator inside CryptoAPI.  (We just call
CryptGenRandom, using the default MS CSP, to generate random bytes.)  A
cryptographically security pseudorandom bit generator has the property
that if you're looking at any sequence of random bits b_0, b_1, ...,
b_{n-1} from the generator, of any length n, you can't predict the value
of b_n with probability significantly greater than 1/2.  (I'm playing a
little loose with terms here for the sake of brevity; if you want the
precise definition of the "next bit test" send me mail.)

I'm not sure what you mean by "does this imply uniqueness?" If what
you're asking is, "what's the chance I get two 16-byte sequences from
RNGCryptoServiceProvider that are equal, and thus generate the same
GUIDs", then the answer is 1/(2^128) -- the chance that the two random
sequences are identical.  CryptGenRandom() isn't a repeatable random
number generator like rand() --  you can give CryptGenRandom() the same
seed twice in a row and you'll get completely different values out of


-----Original Message-----
From: Bill Conroy [mailto:BConroy@EXTREMELOGIC.COM] 
Sent: Tuesday, September 18, 2001 6:07 PM
Subject: Re: [DOTNET] Guid.NewGuid()

The docs for GetBytes say it:

'Fills an array of bytes with a cryptographically strong random sequence
of values.'

What exactly does 'strong random sequence' imply???

We know it implies randomness, but does this imply uniqueness? And if
so, to what degree? Globally???

-Bill Conroy
Extreme Logic

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or
subscribe to other DevelopMentor lists at http://discuss.develop.com.

------- End of forwarded message -------