Re: how secure is windows GUID generation?
Date: 17 Aug 2005 10:12:01 -0700
If you look at these, the lead few bits of the first digit in the
fourth group are the protocol variant, which in this case the bits are
10 = "the standard". (Older Windows might use the 110 = "Microsoft
backwards compatability" varient)
With the statndard format, the first nible of the third group is the
version. In this case it is 4, which specifies "random".
Version 4 of the UUID standard says are all remaining bits are random.
Thus, you have a random number of (32*8-6) bits.
You should note that all other versions of the UUID are very
structured, and will generate highly predictable numbers. I have no
idea of what versions of Microsoft will use this version of GUID, for
any machine the number must be:
XXXXXXXX-XXXX-4XXX-VXXX-XXXXXXXXXXXX With V=8/9/A/B
else it's no good for use as a random number.
No comment on the randomness/security of Microsoft's random number
There is an IETF document on this, look for UUIDs and GUIDs