News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Question about GUIDs

Started by NoCforMe, July 01, 2024, 08:09:45 AM

Previous topic - Next topic

NoCforMe

After writing a li'l GUID-getting utility, I have some basic questions:

GUIDs are supposed to be unique, right? (And no, there's no such thing as being "somewhat unique", which would be like being "somewhat pregnant": it's definitely a binary thing).

So how do "they" ensure that they actually are unique? (whoever "they" may be)

I understand that UuidCreate() "phones home" (to Micro$oft?) when it's called. Do they (MS or someone else) maintain a database of GUIDs? How else could they guarantee uniqueness (if in fact they do guarantee uniqueness)?

And--kind of a long shot here, but still--is there any danger, privacy-wise, of having a central repository of these numbers? I know they're not supposed to be attached to any physical device or system, but one wonders ...
Assembly language programming should be fun. That's why I do it.

Siekmanski

18.446.744.073.709.551.616 different GUIDs are possible, more than enough to generate unique GUIDs.
Creative coders use backward thinking techniques as a strategy.

NoCforMe

Quote from: Siekmanski on July 01, 2024, 09:16:52 AM18.446.744.073.709.551.616 different guides are possible, more than enough to generate unique guides.
Yes, I get that; but how do they guarantee that they are unique, that there are no duplicates? I don't think even the best random-number generators can promise that. There must be some way of tracking them. Otherwise why would UuidCreate() be phoning someone up on the Internet?
Assembly language programming should be fun. That's why I do it.

NoCforMe

For instance, here's a page describing how the NIH (US Nat'l. Institute of Health) generates GUIDs, with a diagram showing a GUID database on a "NIH Centralized GUID Server".

So if there are many of these databases, how are they coordinated? and is there a central repository?
Assembly language programming should be fun. That's why I do it.

Siekmanski

#4
Creative coders use backward thinking techniques as a strategy.

sinsi

Quote from: NoCforMe on July 01, 2024, 09:33:24 AMFor instance, here's a page describing how the NIH (US Nat'l. Institute of Health) generates GUIDs, with a diagram showing a GUID database on a "NIH Centralized GUID Server".
I don't think their GUID is the same
Quotea new GUID (a random 10-digit alpha-numeric format: NIH012ABC34DE) is generated

Quote from: NoCforMe on July 01, 2024, 08:09:45 AMI understand that UuidCreate() "phones home" (to Micro$oft?) when it's called
Where did you get that from?
🍺🍺🍺

NoCforMe

Quote from: sinsi on July 01, 2024, 10:39:08 AM
Quote from: NoCforMe on July 01, 2024, 08:09:45 AMI understand that UuidCreate() "phones home" (to Micro$oft?) when it's called
Where did you get that from?

For one thing, this error from UuidCreate():

RPC_S_UUID_NO_ADDRESS
Cannot get Ethernet or token-ring hardware address for this computer.

It's evidently reaching out somewhere on the network ... or is it using that address to generate the GUID via a RNG?
Assembly language programming should be fun. That's why I do it.

fearless

You obviously didn't read the links that where provided by TimoVJL, as they explain everything about the GUIDs and how they work.

https://masm32.com/board/index.php?topic=12077.msg132161#msg132161

NoCforMe

That's a lot of stuff to read. More than I care to.
Can you explain to us, in simple terms, how GUIDs are generated, and how their uniqueness can be assured?
Assembly language programming should be fun. That's why I do it.

NoCforMe

In that first doc Timo linked to:
QuoteThe specification [Version 4] doesn't specify how the random numbers should be generated, they could be anything where from psuedo-random to cryptographically secure - hence these GUIDs like all other GUIDs should only be used for identification and not for security.
(my italics)
This sounds like it implies that they may not be absolutely guaranteed to be unique. (How could a GUID produced by some unspecified PRNG be expected to be guaranteed unique?)
Assembly language programming should be fun. That's why I do it.

sinsi

Quote from: NoCforMe on July 01, 2024, 10:45:46 AM
Quote from: sinsi on July 01, 2024, 10:39:08 AM
Quote from: NoCforMe on July 01, 2024, 08:09:45 AMI understand that UuidCreate() "phones home" (to Micro$oft?) when it's called
Where did you get that from?

For one thing, this error from UuidCreate():

RPC_S_UUID_NO_ADDRESS
Cannot get Ethernet or token-ring hardware address for this computer.


It's evidently reaching out somewhere on the network ... or is it using that address to generate the GUID via a RNG?

Windows will use the MAC address of a network adapter as part of the generation.
Quote from: NoCforMe on July 01, 2024, 11:18:35 AMThis sounds like it implies that they may not be absolutely guaranteed to be unique. (How could a GUID produced by some unspecified PRNG be expected to be guaranteed unique?)
As unique as can be, with 122 bits to use, makes 5.3e+36 combinations.

The security problem comes from using a MAC address, in theory you could ID a computer this way.
QuoteFor security reasons, UuidCreate was modified so that it no longer uses a machine's MAC address to generate UUIDs. UuidCreateSequential was introduced to allow creation of UUIDs using the MAC address of a machine's Ethernet card.
🍺🍺🍺