[Mono-list] Needed: randomness for System.Guid.NewGuid.

James Berry james@adastra.co.uk
Tue, 12 Feb 2002 10:00:09 -0000

> I think I remember reading somewhere that Microsoft no longer uses the
> Ethernet ID to generate GUIDs, in response to privacy concerns.
> However, I couldn't find my source for this fact, so I could be
> wrong.  (See http://www.junkbusters.com/microsoft.html, for example,
> for a description of some of the privacy concerns.)

This, too, is from memory.  I believe that Microsoft still uses the
Ethernet MAC address to make GUIDs, but then does a hash on the value to
make sure that you cannot retrieve the MAC address later.

There has been some discussion of GUID generation on the dotnet mailing
list, and I include an extract here discussing using
RNGCryptoServiceProvider.GetBytes() to generate GUIDs:

"The chance that the resulting bytes from two invocations of
RNGCryptoServiceProvider.GetBytes(16) are identical is 1/(2^128) no
matter when the two calls were made (right next to each other, across
days, etc).  This is because CryptoAPI maintains its own pool of
randomness that it uses to seed the RNG, and this is going to be
different on each machine and of course will vary with time.  CryptoAPI
pulls bits from all over the OS to help seed the pool of randomness.

In any case, any time you use a random number generator in an algorithm
you're going to end up talking about probabilistic measures of
uniqueness -- "it's not unique with prob. 1/2^128" for example.  We do
the same thing with cryptographic hash functions and digital signatures.
If you digitally sign a document A using RSA-SHA1, for example, there's
a 1/2^(160) chance that another document B has the same hash as A and
thus your signature could be moved from B to A.  (2^-160 because SHA1 is
a 160-bit hash.) There is no absolute guarantee of world-wide uniqueness
because that would require a common worldwide database/registry of GUIDs
to filter out duplicates, but in practice that isn't an issue."

...and here's some example code:

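private System.Guid GimmeAGuid()
{
  byte[] data = new byte[ 16 ];  // 16 bytes = 128 bits
  // Fill the buffer from the CryptoAPI-backed random number generator
  System.Security.Cryptography.RNGCryptoServiceProvider rng =
    new System.Security.Cryptography.RNGCryptoServiceProvider();
  rng.GetBytes( data );
  return new System.Guid( data );
}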
Hope this helps,

Best wishes
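
The approach in the message above, as an added example that is not part of the original post or of the quoted mailing-list extract: it goes one step further by marking the random bytes as an RFC 4122 version 4 GUID and by estimating the duplicate probability across many GUIDs rather than a single pair. The class and method names are hypothetical, and RandomNumberGenerator.Create() is used here in place of constructing RNGCryptoServiceProvider directly.

```csharp
using System;
using System.Security.Cryptography;

static class RandomGuidExample  // hypothetical name, not from the post
{
    // Build a GUID from CSPRNG output and mark it as RFC 4122 version 4
    // (random), so it cannot be mistaken for a MAC/time-based GUID.
    public static Guid NewRandomGuid()
    {
        byte[] data = new byte[16];  // 16 bytes = 128 bits
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(data);
        }
        // Guid(byte[]) reads the first three fields little-endian, so the
        // version nibble (top of the third field) lives in data[7], not data[6].
        data[7] = (byte)((data[7] & 0x0F) | 0x40);  // version 4
        data[8] = (byte)((data[8] & 0x3F) | 0x80);  // RFC 4122 variant
        return new Guid(data);
    }

    // Birthday approximation: the chance of at least one duplicate among n
    // values drawn uniformly from 2^bits possibilities is about
    // n^2 / 2^(bits + 1), valid while the result is much smaller than 1.
    public static double CollisionProbability(double n, int bits)
    {
        return n * n / Math.Pow(2.0, bits + 1);
    }

    static void Main()
    {
        Guid g = NewRandomGuid();
        string s = g.ToString("D");  // five hyphen-separated hex groups
        // s[14] is the version digit, s[19] carries the variant bits.
        Console.WriteLine("{0}  version={1} variant={2}", s, s[14], s[19]);

        // Fixing 6 bits for version and variant leaves 122 random bits.
        Console.WriteLine("one pair:    {0:E2}", 1.0 / Math.Pow(2.0, 122));
        Console.WriteLine("10^9 GUIDs:  {0:E2}", CollisionProbability(1e9, 122));
        Console.WriteLine("10^12 GUIDs: {0:E2}", CollisionProbability(1e12, 122));
    }
}
```

The per-pair figure quoted in the extract applies to two specific values; the birthday estimate is the number to look at when sizing a system that will mint many GUIDs.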