locked
Does Guid.NewGuid() produce UUID version 4 according to RFC4122? RRS feed

  • Question

  • The .NET Framework’s 4.0 Guid.NewGuid() method, what kind of GUID does it produce?
    Does it produce UUID version 4 according to standard RFC4122?
    Friday, August 24, 2018 9:44 AM

All replies

  • Checked ReferenceSource to see it uses CoCreateGuid() of "ole32.dll" directly.

    Therefore refer to this:

    https://plus.google.com/113016711101300761782/posts/E4EpYuQmkDc

    Friday, August 24, 2018 10:03 AM
    Answerer
  • Thank you, but the documentation of CoCreateGuid does not mention, that it generates a UUID version 4.

    In the forum you mention, a Mr Drivilas states that CoCreateGuid generates UUID version 4, but he does not give a reference.

    Friday, August 24, 2018 11:03 AM
  • That's something you can verify yourself.

    Refer to section 4.1.3 of RFC4122:

    The version number is in the most significant 4 bits of the time
       stamp (bits 4 through 7 of the time_hi_and_version field).

    Guid g = Guid.NewGuid();
    Console.WriteLine(g);

    XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
    
    c7a0e475-27f5-4bf2-8eb0-17b07d9de3ac


    Friday, August 24, 2018 1:45 PM
    Answerer
  • Yes, I agree, and I ran Guid.NewGuid() one million times, and it allways has the version nr 4. But this does not yet prove, that it will be allways like this. Microsoft should somewhere indicate, that the function NewGuid() produces UUID version 4. 

    Friday, August 24, 2018 2:32 PM
  • You know, if a GUID generating function does not provide parameter to let you switch the GUID version, it must generate GUID complying the same version because different kind of GUID have different use.

    A GUID function that does not allow specify parameter but generates random kind of GUID serves no purpose at all, and the need to add different code to comply the need of individual version also doesn't make sense to me.

    Saturday, August 25, 2018 12:53 AM
    Answerer
  • Yes, I agree, and I ran Guid.NewGuid() one million times, and it allways has the version nr 4. But this does not yet prove, that it will be allways like this. Microsoft should somewhere indicate, that the function NewGuid() produces UUID version 4. 

    CoCreateGuid uses UuidCreate to create a GUID.  The docs for UuidCreate state -

    "For security reasons, it is often desirable to keep ethernet addresses on networks from becoming available outside a company or organization. The UuidCreate function generates a UUID that cannot be traced to the ethernet address of the computer on which it was generated. It also cannot be associated with other UUIDs created on the same computer."

    So although Version 4 is not explicity mentioned, it seems that a Version 4 UUID is returned by CoCreateGuid.

    Saturday, August 25, 2018 12:43 PM
  • Yes, exactly, a GUID function that may generate different versions of UUID serves no purpose at all. So how can I be sure, that Guid.NewGuid() will allways return a UUID version 4?
    Monday, September 3, 2018 7:07 AM
  • Yes, it seems that a UUID version 4 is returned by CoCreateGuid, and the tests indicate that. But how can you be sure, that it will allways create a UUID version 4?
    • Edited by pappasa Monday, September 3, 2018 7:09 AM
    Monday, September 3, 2018 7:09 AM
  • If you don't satisfy with the reasoning here. Since there seems no documentation state that explicitly at all, I think there only remain 2 acceptable solution to you.

    1) File a paid support to Microsoft as have a engineer verify it for you. Note that you may need to fight your way through the first tier support to reach an engineer, but this is generally the faster way.

    2) Ask your question on MicrosoftDoc GitHub Feedback page. The response time is unknown. The triage time is usually very fast, but it can take some time before they assign people to ask some development folks for confirmation.


    Monday, September 3, 2018 8:16 AM
    Answerer
  • Thank you very much for your suggestions.

    I have the requirement to produce UUID version 4 according to standard RFC 4122. I have to prove, that my code produces UUIDs according to that standard. The normal thing would be to reference the documentation of the NewGuid. I wonder what other developers are doing.

     I submitted the following issues:

    1. On MicrosoftDoc Feedback page

    2. On Developer Community

    Monday, September 3, 2018 9:47 AM
  • Some more documentation from Microsoft regarding CoCreateGuid from https://docs.microsoft.com/en-us/windows/desktop/com/guid-creation-and-optimizations

    "Because a CLSID, like an interface identifier (IID), is a GUID, no other class, no matter who writes it, has a duplicate CLSID. Server implementers generally obtain CLSIDs through the CoCreateGuid function. This function is guaranteed to produce unique CLSIDs, so server implementers across the world can independently develop and deploy their software without fear of accidental collision with software written by others."  (Emphasis added)



    • Edited by RLWA32 Wednesday, September 5, 2018 1:01 PM
    Wednesday, September 5, 2018 1:01 PM
  • Yes, it is guaranteed to produce unique CLSIDs, but are they UUIDs version 4 according to RFC4122?
    Wednesday, September 5, 2018 1:28 PM
  • I opened Case Nr 118090418920099

    at Microsoft. Here is the correspondance of the case. The conclusion is, that Guid.NewGuid in practice generates UUID variant 2 version 4 according to standard RFC 4122, but it is not guaranteed, and therefore it is suggested to implement a custom method.

    Case correspondance part 1

    ------------------------------------

    From: Martin Nolte Sent: Tuesday, September 04, 2018 15:21 To: Pappas Alexandros Cc: MSSolve Case Email Subject: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,
    Thank you for contacting Microsoft Support. My name is Martin Nolte.  I am the Support Professional who will be working with you on this Service Request. You may reach me using the contact information listed below, referencing the SR number 118090418920099.

     

    I have done a research regarding the Guid.NewGuid generation and I have gone through the following articles and blogs so far:

    This is the .NET Source Source Code for the Guid.NewGuid static API:

    https://referencesource.microsoft.com/#mscorlib/system/guid.cs,b7fae6994c22c22e,references

     

    According to this source code the GUID is generated using the

     

    CoCreateGuid API

    https://docs.microsoft.com/en-us/windows/desktop/api/combaseapi/nf-combaseapi-cocreateguid

     

    which internally calls the

     

    UuidCreate function

    https://docs.microsoft.com/en-us/windows/desktop/api/rpcdce/nf-rpcdce-uuidcreate

     

    According to

    https://blog.stephencleary.com/2010/11/few-words-on-guids.html

    the Microsoft Implementation also uses the random guid (Variant 2, Version 4)version of RFC 4122.

     

    For the moment I am double checking the UuidCreate function to verify that it applies to the mentioned version of the RFC.


    If you have any questions or concerns, please let me know. We can also have a call regarding the mentioned issue.
    Best Regards,

    MSFT_logo

    Martin Nolte  Support Escalation Engineer

    Office: +49 (89) 31764337 

     

    From: Pappas Alexandros  Sent: Dienstag, 4. September 2018 14:47 To: Martin Nolte  Cc: MSSolve Case Email <casemail@microsoft.com>; Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for the links. 

    The documentation of Guid.NewGuid, CoCreateGuid, and UuidCreate does not mention that the respective method generates a UUID variant 2, version 4 according to RFC 4122.

    Mr Cleary writes, that since Windows 2000, UuidCreate returns a UUID version 4, but he gives no reference to any Microsoft documentation.

     

    Best regards,

     

    Alexandros Pappas



    • Edited by pappasa Friday, September 14, 2018 6:33 AM
    Thursday, September 13, 2018 7:58 AM
  • Case correspondance part 2

    -------------------------------------

    From: Martin Nolte Sent: Tuesday, September 04, 2018 16:23 To: Pappas Alexandros Cc: MSSolve Case Email Subject: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    I have double checked the source code of the UuidCreate function. Since the source code is confidential I can tell you what the function internally does:

     

    1. It creates a random 16  byte number that represents the UUID.
    2. It modifies two bits: TimeHiAndVersion and ClockSeqHiAndReserved

     

    This should be compliant to the RFC variant 2 version 4. However our documentation has only confirmations to the standard for

    Sharepoint  https://docs.microsoft.com/en-us/javascript/api/sp-core-library/guid?view=sp-typescript-latest

     

    Let me know if you need any further information regarding this issue.

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte  Support Escalation Engineer

    Office: +49 (89) 31764337 

     

    From: Pappas Alexandros  Sent: Mittwoch, 5. September 2018 08:52 To: Martin Nolte  Cc: MSSolve Case Email <casemail@microsoft.com>; Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for your response. The algorithm should modify two bytes, not two bits, if it is compliant with RFC 4122.

     

     

    The variant field consists of a variable number of the most significant bits of octet 8 of the UUID.
     
    Msb0  Msb1  Msb2  Description
    1     0     x    The variant specified in this document.
     
    Octet 8 is the clk_seq_hi_res byte.
     
    According to RFC 4122 chapter 4.1.3 Version:
     
    The version number is in the most significant 4 bits of the time stamp (bits 4 through 7 of the time_hi_and_version field).
     
       The following table lists the currently-defined versions for this
       UUID variant.
     
       Msb0  Msb1  Msb2  Msb3   Version  Description
        0    1     0    0       4     The randomly or pseudo-randomly generated version specified in this document.

     

    Can you please check, that this is so?

     

    I would like to have the following questions about the .NET method Guid.NewGuid answered:

     

    1. Does this method produce UUID variant 2, version 4, according to RFC4122?

    2. Is it possible, that this method will produce in a later .NET Framework, or in a later Windows release another variant or version of UUID? If yes, will it be mentioned in the release notes?
    3. Is there a method (maybe a COM method or WINAPI method) that takes as parameter the variant and version and produces a UUID according to RFC4122? If not, is there a method that produces explicitly UUID variant 2, version 4 according to RFC4122 like the java method UUID.randomUUID?

    The reason, that this is so important for us, is the following: We have a payment system, through which thousands of payments are processed every day. The Swift Standards MT Release 2018 introduces the new field 121 in block 3, that is to be filled with a UUID Variant 2 Version 4. We fill this field with Guid.NewGuid(). Therefore, we need the guarantee, that Guid.NewGuid() will allways produce a UUID Variant 2 Version 4 according to RFC4122.

     

    Best regards,

     

    Alexandros

    Thursday, September 13, 2018 8:01 AM
  • Case correspondance part 3
    ------------------------------


    From: Martin Nolte [martinn@microsoft.com] Sent: Wednesday, September 05, 2018 14:38 To: Pappas Alexandros Cc: MSSolve Case Email; Dimopoulou Georgia; Theodoropoulos Fanis Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    from our source code I can see that the following modifications are done on the GUID:

    1. TimeHiAndVersion modifies 2 bytes
    2. ClockSeqHiAndReserved modifies 1 byte

    Of the random GUID number.

     

    Coming back to your questions:

    1.        Does this method produce UUID variant 2, version 4, according to RFC4122?

    According to the above, yes: the Guid.NewGuid which calls internally the “UuidCreate”API is compliant with RFC 4122, variant 2, version 4. Let me get a confirmation from the RPC team as well.

     

    1.        Is it possible, that this method will produce in a later .NET Framework, or in a later Windows release another variant or version of UUID? If yes, will it be mentioned in the release notes?

    It is unlikely that the .NET Framework will use another variant of version of the UUID. If there would be changes it should be documented in the MSDN documentation.

     

           3.  Is there a method (maybe a COM method or WINAPI method) that takes as parameter the variant and version and produces a UUID according to RFC4122?

    Yes: you might use the following APIs which are internally called by .NET:

     

    CoCreateGuid API

    https://docs.microsoft.com/en-us/windows/desktop/api/combaseapi/nf-combaseapi-cocreateguid

     

    which internally calls the

     

    UuidCreate function

    https://docs.microsoft.com/en-us/windows/desktop/api/rpcdce/nf-rpcdce-uuidcreate

     

     

    If not, is there a method that produces explicitly UUID variant 2, version 4 according to RFC4122 like the java method UUID.randomUUID?

    The above methods should generate a UUID variable 2 version 4 version.

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte  Support Escalation Engineer

    Office: +49 (89) 31764337 

    From: Pappas Alexandros 
    Sent: Mittwoch, 5. September 2018 15:17
    To: Martin Nolte 
    Cc: MSSolve Case Email <casemail@microsoft.com>
    Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you very much for your answer. 

     

    1. I would be gratefull, if you could get a comfirmation from the RPC team.

    2. The CoCreateGuid function takes the parameter GUID *pguid,

    which is a pointer to a GUID structure,

    that is filled by the method.

    I do not see any parameter that would specify the Variant or Version for the generated UUID. Is there some other method, that has these parameters?

     

    Best regards,

     

    Alexandros


    • Edited by pappasa Thursday, September 13, 2018 8:17 AM
    Thursday, September 13, 2018 8:16 AM
  • Case correspondance part 4
    ---------------------------------

     

    From: Martin Nolte Sent: Thursday, September 06, 2018 10:17 To: Pappas Alexandros Cc: MSSolve Case Email Subject: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    I have been able to have a discussion with colleague from the RPC product team and we came up with the following conclusion which is different from my first statement:

    ======

    Our implementation does appear to conform to the version 4 UUID i.e. a Randomly or psueudo randomly generated version.  That being said, looking at the documentation for UuidCreate https://docs.microsoft.com/en-us/windows/desktop/api/rpcdce/nf-rpcdce-uuidcreate

    we appear to make no guarantee that we will conform to RPC 4122 so if you have a compliance requirement that they use RFC 4122 conformant Uuid's then I'd recommend using an implementation which contractually guarantees this or at least validates that the version and reserved bits specified in the RFC 4122 version 4 are set appropriately since it appears that there is very little specification on how the rest of the bits should be randomly chosen.

    =======

     

    So this means that neither UuidCreate API nor the .NET Framework APIs guarantee that they are compliant with RPC 4122 and it is not in our documentation (although our internal source code implementation shows that it is reflecting RFC 4122 variant 2 version 4).

     

    So our suggestion is to write your own implementation of the Guid which will ensure that you keep the standard.

     

    Examples on creating your own GUIDs with .Net are listed here.

     

    Implementation of the RFC 4122 UUID version 4 (variant 1)

    https://github.com/pwm/uuid-v4

     

    and

     

    Generate a UUID compliant with RFC 4122

    https://www.cryptosys.net/pki/uuid-rfc4122.html

     

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte  Support Escalation Engineer

    Office: +49 (89) 31764337 

     

    From: Pappas Alexandros 
    Sent: Donnerstag, 6. September 2018 10:22
    To: Martin Nolte 
    Cc: MSSolve Case Email <casemail@microsoft.com>
    Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for your answer.

    The first link you provided is in PHP, the second needs the CryptoSys PKI Toolkit, for which a license is needed, so  these solutions do not help us.

    Could you please write us, which method for the generation of 16 random bytes is used by Guid.NewGuid()?

     

    Best regards,

     

    Alexandros



    • Edited by pappasa Thursday, September 13, 2018 8:19 AM
    Thursday, September 13, 2018 8:19 AM
  • Case correspondance part 5
    ---------------------------------


    From: Martin Nolte
    Sent: Thursday, September 06, 2018 12:09
    To: Pappas Alexandros
    Cc: MSSolve Case Email
    Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    I have modified the second sample

     

    Generate a UUID compliant with RFC 4122

    https://www.cryptosys.net/pki/uuid-rfc4122.html

     

    to run without the dependency of  CryptoSys API. You should be able to run the below in Visual Studio from a Console based application.

     

    Please note that this is just example code and that you might need to add appropriate routines for error handling.

     

    ==========

    using System;

    using System.Collections.Generic;

    using System.Linq;

    using System.Text;

    using System.Threading.Tasks;

     

    namespace calculateUUID

    {

        class Program

        {

            public static string ByteArrayToString(byte[] ba)

            {

                StringBuilder hex = new StringBuilder(ba.Length * 2);

                foreach (byte b in ba)

                    hex.AppendFormat("{0:x2}", b);

                return hex.ToString();

            }

            public static string UUID_Make()

            {

                //                                           12345678 9012 3456 7890 123456789012

                // Returns a 36-character string in the form XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

                // where "X" is an "upper-case" hexadecimal digit [0-9A-F].

                // Use the LCase function if you want lower-case letters.

     

                byte[] abData = new byte[16];

                string strHex = null;

     

                // 1. Generate 16 random bytes = 128 bits

                Random rnd = new Random();

                rnd.NextBytes(abData);

                //abData = Rng.Bytes(16);

                // DEBUGGING...

                //'Console.WriteLine("RNG=" & Cnv.ToHex(abData))

     

                // 2. Adjust certain bits according to RFC 4122 section 4.4.

                // This just means do the following

                // (a) set the high nibble of the 7th byte equal to 4 and

                // (b) set the two most significant bits of the 9th byte to 10'B,

                //     so the high nibble will be one of {8,9,A,B}.

                abData[6] = (byte)(0x40 | ((int)abData[6] & 0xf));

                abData[8] = (byte)(0x80 | ((int)abData[8] & 0x3f));

     

                // 3. Convert the adjusted bytes to hex values

                strHex = ByteArrayToString(abData);

                // DEBUGGING...

                //'Console.WriteLine("ADJ=" & Cnv.ToHex(abData))

                //'Console.WriteLine("                ^   ^") ' point to the nibbles we've changed

     

                // 4. Add four hyphen '-' characters

                //'strHex = Left$(strHex, 8) & "-" & Mid$(strHex, 9, 4) & "-" & Mid$(strHex, 13, 4) _

                //'    & "-" & Mid$(strHex, 17, 4) & "-" & Right$(strHex, 12)

                strHex = strHex.Substring(0, 8) + "-" + strHex.Substring(8, 4) + "-" + strHex.Substring(12, 4) + "-" + strHex.

                Substring(16, 4) + "-" + strHex.Substring(20, 12);

     

                // Return the UUID string

                return strHex;

            }

     

            public static void Main()

            {

                string strUuid = null;

                int i = 0;

                for (i = 1; i <= 10; i++)

                {

                    strUuid = UUID_Make();

                    Console.WriteLine("{0}", strUuid);

                    Console.ReadLine();

                }

            }

        }

    }

     

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte 
    Support Escalation Engineer

    Office: +49 (89) 31764337 
      


     

    From: Pappas Alexandros   Sent: Donnerstag, 6. September 2018 12:14 To: Martin Nolte  Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for the sample. I see it uses the class Random. The documentation of this class states:

     

    The chosen numbers are not completely random because a mathematical algorithm is used to select them, but they are sufficiently random for practical purposes.

     

    Does Guid.NewGuid() use the same internal method as Random.NextBytes()? I think, the generated numbers should be completely random, and I thought, that Guid.NewGuid() uses a better random number generator.

     

    Best regards,

     

    Alexandros


    • Edited by pappasa Thursday, September 13, 2018 8:25 AM
    Thursday, September 13, 2018 8:20 AM
  • Case correspondance part 6
    ---------------------------------

    From: Martin Nolte Sent: Thursday, September 06, 2018 14:07 To: Pappas Alexandros  Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    the Guid.NewGuid uses the UuidCreate function which uses a non-documented function to create the random value.

     

    You are correct saying that the Random class’ results are not completely random.  Our documentation says in addition:

    To generate a cryptographically secure random number, such as one that's suitable for creating a random password, use the RNGCryptoServiceProvider class or derive a class from System.Security.Cryptography.RandomNumberGenerator.

     

    The documentation

    RNGCrypto​Service​Provider  Class

    https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rngcryptoserviceprovider?view=netframework-4.7.2

    has a sample code which also demonstrates how to fill a byte array with random bytes:

    ….

            byte[] randomNumber = new byte[1];

            do

            {

                // Fill the array with a random value.

                rngCsp.GetBytes(randomNumber);

            }

     

    The GetBytes method has the demo as well.

     

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte  Support Escalation Engineer

    Office: +49 (89) 31764337  

     

    From: Pappas Alexandros  Sent: Thursday, September 6, 2018 4:04 PM To: Martin Nolte Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for your answer. 

     

    Do you agree with the answers to the following questions about the .NET method Guid.NewGuid?

     

    1. Does this method produce UUID variant 2, version 4, according to RFC4122?

     

    In practice yes, but it is not guranteed.

    2. Is it possible, that this method will produce in a later .NET Framework, or in a later Windows release another variant or version of UUID? If yes, will it be mentioned in the release notes?

    As in the present it is not guaranteed, in the future it may as well not be guaranteed.
    3. Is there a method (maybe a COM method or WINAPI method) that takes as parameter the variant and version and produces a UUID according to RFC4122? If not, is there a method that produces explicitly UUID variant 2, version 4 according to RFC4122 like the java method UUID.randomUUID?

    There is no such method. Our suggestion is to write your own implementation using the RNGCryptoServiceProvider class to produce random numbers.

    Thank you very much for your sample, I converted it to VB.NET, and I put it into a TestClass. The actual method to produce the UUID is the CreateUUIDVariant2Version4. The test spawns 10 threads and each thread iterates 100.000 times, generating on each iteration a UUID. It is checked, that the UUIDs are Variant 2, Version 4, and that they are unique. If you could verify, that this is a correct way to generate UUIDs variant 2, version 4 according to RFC 4122, that would be great.

    Best regards,

    Alexandros

    Imports System.Security.Cryptography

    Imports System.Threading

     

    <TestClass()>

    Public Class TestFTSLib

     

        Dim UETRs As HashSet(Of String)

        Dim NrIterations As Integer

        Dim NrThreads As Integer

        Dim ThreadException As Exception

     

        Private Function CreateUUIDVariant2Version4() As String

            Using rnd = New RNGCryptoServiceProvider()

                Dim abData(15) As Byte

                rnd.GetBytes(abData)

                abData(6) = CByte(&H40 Or (abData(6) And &HF))

                abData(8) = CByte(&H80 Or (abData(8) And &H3F))

                Dim strHex = String.Join("", abData.Select(Function(p) p.ToString("x2")))

                Return strHex.Substring(0, 8) & "-" & strHex.Substring(8, 4) & "-" & strHex.Substring(12, 4) & "-" & strHex.Substring(16, 4) & "-" & strHex.Substring(20, 12)

            End Using

        End Function

     

        Private Sub TestUUIDVariant2Version4Thread()

            Dim uuetr As String

            For i = 1 To NrIterations

                Try

                    uuetr = CreateUUIDVariant2Version4()

                Catch ex As Exception

                    ThreadException = ex

                End Try

                If ThreadException IsNot Nothing Then

                    Exit For

                End If

                Assert.IsTrue(uuetr(14) = "4")

                Assert.IsTrue("8,9,a,b".Contains(uuetr(19)))

                SyncLock UETRs

                    Assert.IsFalse(UETRs.Contains(uuetr))

                    Try

                        UETRs.Add(uuetr)

                    Catch ex As Exception

                        ThreadException = ex

                    End Try

                End SyncLock

                If ThreadException IsNot Nothing Then

                    Exit For

                End If

            Next

        End Sub

     

        <TestMethod()>

        Public Sub TestUUIDVariant2Version4()

            UETRs = New HashSet(Of String)

            NrIterations = 100000

            NrThreads = 10

            Dim threads(NrThreads - 1) As Thread

            For i = 0 To UBound(threads)

                threads(i) = New Thread(AddressOf TestUUIDVariant2Version4Thread)

                threads(i).Start()

            Next

            For i = 0 To UBound(threads)

                threads(i).Join()

            Next

            If ThreadException IsNot Nothing Then

                Throw New Exception(ThreadException.ToString)

            End If

        End Sub

     

    End Class

    Thursday, September 13, 2018 8:28 AM
  • Case correspondance part 7
    ---------------------------------



    From: Martin Nolte 
    Sent: Thursday, September 06, 2018 18:12
    To: Pappas Alexandros
    Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    I have reviewed the answers and also the source code further below and checked for the variant 2 version 4 compliance and from what I can see everything looks good.

    Just let me know if there are any further questions from your end or if this Service Request can be archived.

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte 
    Support Escalation Engineer

    Office: +49 (89) 31764337 
      


     

    From: Pappas Alexandros  Sent: Monday, September 10, 2018 1:38 PM To: Martin Nolte  Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    I would like to ask the following:

     

    Does Guid.NewGuid use RNGCryptoServiceProvider? 

    If not, does it use a better Random generation algorithm?

     

    Best regards,

     

    Alexandros

    • Edited by pappasa Thursday, September 13, 2018 8:31 AM
    Thursday, September 13, 2018 8:29 AM
  • Case correspondance part 8
    ---------------------------------


    From: Martin Nolte 
    Sent: Tuesday, September 11, 2018 16:10
    To: Pappas Alexandros
    Cc: MSSolve Case Email
    Subject: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    If you watch the source code of the RNGCryptoServiceProvider::GetBytes here:

    https://referencesource.microsoft.com/mscorlib/R/0621ecb309739dcc.html

     

    you can see that the API is making an internal P/Invoke call to JitHelpers.QCall (instead of a reference to a “normal dll”):

    [DllImport(JitHelpers.QCallCharSet = CharSet.Unicode),

     

    Normally you should have a dll name after the DllImport – for example [DllImport("advapi32.dll", SetLastError=true)].

     

    So this means that for the RNGCryptoServiceProvider the functionality behind the call should be hidden as much as possible. With this information I cannot tell yet which API is called exactly under the hood. It looks like the windows internal functionality that is being called is different from the Guid.NewGuid method. In order to prove that I would need to debug the application with source code which would take some time.

     

    The RNGCryptoServiceProvider should have a much better algorithm than the internally API that is called inside the NewGuid method – see also this MSDN blog

    https://blogs.msdn.microsoft.com/devschool/2011/03/11/random-numbers-are-they-really-random/

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte 
    Support Escalation Engineer

    Office: +49 (89) 31764337 
      


     

     

    From: Pappas Alexandros  Sent: Dienstag, 11. September 2018 16:18 To: Martin Nolte  Cc:  MSSolve Case Email <casemail@microsoft.com> Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

     

    Hello Martin,

     

    Thank you for your answer.

    in the last minute says, that to create Guids one should use Guid.NewGuid, and to create random numbers one should use RNGCryptoServiceProvider.

     

    So what is better, to use Guid.NewGuid, or implement a custom method using RNGCryptoServiceProvider?

     

    Best regards,

     

    Alexandros



    From: Martin Nolte 
    Sent: Tuesday, September 11, 2018 18:11
    To: Pappas Alexandros
    Cc: MSSolve Case Email
    Subject: RE: [REG:118090418920099] .NET Framework 4.0 Guid.NewGuid Initial Response

    Hello Alexandros,

     

    thanks for coming back.

    Regarding your last point: you are free to use the Guid.NewGuid API as well. However – we cannot guarantee that  variant 2, version 4, according to RFC4122 is held. The Randomize-function that the NewGuid method uses under the hood is a Win32 API which is not public.

     

    The “Random” class only provide “Pseudo Random” number. It is faster than the RNGCryptoServiceProvider but random numbers of the Random class are not guaranteed to be unique.

    So the suggestion would be to use RNGCryptoServiceProvider for generating the random numbers.

     

    With this information at hand you would need to decide yourself what algorithm is best for you.

     

    Kind Regards

     

    MSFT_logo

    Martin Nolte 
    Support Escalation Engineer

    Office: +49 (89) 31764337 
      



    • Edited by pappasa Thursday, September 13, 2018 8:38 AM
    Thursday, September 13, 2018 8:35 AM