如何安全地不可猜测是GUID的? [英] How securely unguessable are GUIDs?
问题描述
前一段时间,我曾在一个Web应用程序,用户可以购买门票。由于方式我们客户的工作流程,你有效地得到作为您购买的结果是,在它的票号的URL。
A while ago I worked on a web application where users could buy tickets. Due to the way our client's processes worked, what you effectively got as a result of your purchase was a URL with the ticket number in it.
这些是票购买房产,在中东地区,每张票是潜在价值约$ 3000000。显然祭出连续整数将是一个坏主意。我们使用的GUID作为他们基本上不可猜测,但我的问题是:他们是足够安全的。
These were tickets to buy property in the Middle East, and each ticket was potentially worth around $3,000,000. Clearly dishing out sequential integers would have been a bad idea. We used GUIDs as they're basically unguessable, but my question is: are they secure enough?
据我了解,在.NET的GUID产生完全的伪随机(除了少数非变位)。但是,我不知道是什么算法来生成它们。
As I understand it, the GUIDs .NET produces are totally pseudo-random (except for a few non-varying bits). However, I don't know what algorithm is used to generate them.
MSDN文档告诉我们, 随机 是速度快,不安全,和<一href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx"><$c$c>RNGCryptoServiceProvider是缓慢和安全。也就是说,它是合理的假设有人可能会投入足够的努力,以predict 随机的结果而不是 RNGCryptoServiceProvider 。
The MSDN documentation tells us that Random is fast and insecure, and RNGCryptoServiceProvider is slow and secure. That is, it's reasonable to assume someone could put in enough effort to predict the outcome of Random, but not of RNGCryptoServiceProvider.
如果您看到GUID的足够长的序列,才有可能为predict期货的呢?如果是这样,有多少你需要看的?
If you saw a long enough sequence of GUIDs, would it be possible to predict futures ones? If so, how many would you need to see?
[在我们的特定情况下有物理安全检查以后 - 你不得不present你用来买你的机票,护照 - 所以它不会一直的太的不好,如果有人已经猜到别人的GUID,所以我们没有在当时出汗。使用GUID作为数据库键使它成为有用的数据类型,使用的方便性。]
[In our particular case there were physical security checks later on - you had to present the passport you used to buy your ticket - so it wouldn't have been too bad if someone had guessed someone else's GUID, so we didn't sweat it at the time. The convenience of using the GUID as a database key made it a useful datatype to use.]
编辑:
因此,答案是不足够的。
So the answer is "not enough".
使用 0xA3执行的下面的答案,及继起的链接<一个href="http://stackoverflow.com/questions/2621563/how-random-is-system-guid-newguid-take-two">question他联系到,以下code会产生一个加密的随机GUID这是由RFC 4122 4.4节有效一>:
Using 0xA3's answer below, and following links from the question he linked to, the following code will generate a cryptographically random GUID that's valid by Section 4.4 of RFC 4122:
static Guid MakeCryptoGuid()
{
// Get 16 cryptographically random bytes
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
byte[] data = new byte[16];
rng.GetBytes(data);
// Mark it as a version 4 GUID
data[7] = (byte)((data[7] | (byte)0x40) & (byte)0x4f);
data[8] = (byte)((data[8] | (byte)0x80) & (byte)0xbf);
return new Guid(data);
}
这会产生GUID的速度远远慢于 Guid.NewGuid(),但与122位很随意的数据,它们是安全的联合国predictable。
This produces GUIDs much more slowly than Guid.NewGuid(), but with 122 bits of "very random" data, they are safely unpredictable.
当然,任何加密的随机文字会的票号进行,但GUID是pretty的得心应手。 : - )
Of course, any cryptographically random text would have done for a ticket number, but GUIDs are pretty handy. :-)
与其他版本4的GUID有独特性,没有绝对的保证,但赔率是IM pressive。只要你有少于326,915,130,069,135,865(即的sqrt(-2 * 2 ^ 122 * LN(0.99)))在同时播放的GUID,你就可以超过99%,确保没有冲突。换句话说:如果像我这样的应用程序将所有的地方溢出错误,如果你有一个以上 int.MaxValue pretty的任何东西,你可以更比99.9999999999999999%肯定没有冲突(即E ^ - (((2 ^ 31-1)^ 2)/(2 * 2 ^ 122)))。这大约是一千倍以上肯定比你可以是一个陨石会不会在应用程序上线(即的每1亿岁的)。
As with other version 4 GUIDs there's no absolute guarantee of uniqueness, but the odds are impressive. So long as you have fewer than 326,915,130,069,135,865 (i.e. sqrt(-2*2^122*ln(0.99))) GUIDs in play simultaneously, you can be more than 99% sure there are no collisions. Put another way: if like mine your application will have overflow errors all over the place if you have more than int.MaxValue of pretty much anything, you can be more than 99.9999999999999999% sure of no collisions (i.e. e^-(((2^31-1)^2)/(2*2^122))). This is about a thousand times more sure than you can be that a meteorite won't wipe out most of life on Earth within one second of the application going live (i.e. one per 100 million years).
推荐答案
的UUID / GUID的是由 RFC4122 。虽然版本4的UUID是由随机数部分创建6 作出明确声明的安全性:
UUIDs/GUIDs are specified by RFC4122. Although Version 4 UUIDs are created from random numbers Section 6 makes an explicit statement on security:
不要假设的UUID是很难猜测;它们不应该使用 作为安全功能(标识符,其仅仅拥有补助 访问),例如。一个predictable随机数源将 使局势恶化。
Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation.
GUID的随机性的一个很好的讨论也可以在这个问题上找到:
A good discussion of the randomness of GUIDs can also be found in this question:
如何随机是System.Guid.NewGuid() ? (取二)
How Random is System.Guid.NewGuid()? (Take two)
这篇关于如何安全地不可猜测是GUID的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
