Technical Blog

Hack that GUID

30 Nov 2011 CPOL
How to hack GUIDs.

Can you hack GUIDs? Let's give it a go:

Give me as much information as you can about the following GUID:

e56d9850-e9a7-11e0-9572-0800200c9a66

How about this one?

acfb0e5e-4869-405a-a36e-852a1688bce7

What I am interested in is the explanation of what you can extract and why; but if you extract some values, that is even better :P

Please post your answers as comments. I will post the answer in a few days and until then the comments will be kept private.

Answer

As Tony and Hadi correctly answered, the first GUID above is a version 1 GUID, which contains a timestamp and the MAC address of the machine that created it, while the latter is version 4, which is randomly generated, so not much can be extracted from it.

Long Answer

From the Wikipedia article: "the original (version 1) generation scheme for UUIDs was to concatenate the UUID version with the MAC address of the computer that is generating the UUID, and with the number of 100-nanosecond intervals since the adoption of the Gregorian calendar in the West. This scheme has been criticized in that it is not sufficiently "opaque"; it reveals both the identity of the computer that generated the UUID and the time at which it did so."

To understand the significance of this issue in the V1 algorithm: "This privacy hole was used when locating the creator of the Melissa virus." To address these issues, version 4 was created, which is randomly generated: "Version 4 UUIDs use a scheme relying only on random numbers. This algorithm sets the version number as well as two reserved bits. All other bits are set using a random or pseudorandom data source. Version 4 UUIDs have the form xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx where x is any hexadecimal digit and y is one of 8, 9, A, or B. E.g., f47ac10b-58cc-4372-a567-0e02b2c3d479."

As mentioned above, you can differentiate GUID versions using the first character of the third group of hex digits. As you can see in my example, the former GUID is V1 (e56d9850-e9a7-11e0-9572-0800200c9a66) and the latter is V4 (acfb0e5e-4869-405a-a36e-852a1688bce7).
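The extraction described in the answer, written out as an added example (not code from the original article): it reads the version from the third group and, for a version 1 GUID, rebuilds the 60-bit timestamp, the clock sequence and the MAC address. The function name `inspect_guid` and the dictionary keys are this example's own; the field layout is the RFC 4122 one.

```python
import uuid
from datetime import datetime, timedelta, timezone

# UUID v1 timestamps count 100 ns intervals from the Gregorian reform date.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def inspect_guid(text):
    """Return the fields that a GUID's version allows a reader to recover."""
    raw = uuid.UUID(text).int                   # 128-bit value; ValueError on bad input
    time_low = raw >> 96                        # group 1
    time_mid = (raw >> 80) & 0xFFFF             # group 2
    time_hi_and_version = (raw >> 64) & 0xFFFF  # group 3: version nibble + time high
    clock_seq_field = (raw >> 48) & 0xFFFF      # group 4: variant bits + clock sequence
    node = raw & 0xFFFFFFFFFFFF                 # group 5: 48-bit node (MAC address)

    info = {
        "version": time_hi_and_version >> 12,
        "rfc4122_variant": (clock_seq_field >> 14) == 0b10,
    }
    if info["version"] != 1 or not info["rfc4122_variant"]:
        # Not a v1 RFC 4122 GUID (e.g. v4, whose other bits are random):
        # there is no timestamp or MAC address to decode.
        return info

    # Reassemble the timestamp: high 12 bits, then mid 16 bits, then low 32 bits.
    ticks = ((time_hi_and_version & 0x0FFF) << 48) | (time_mid << 32) | time_low
    mac = node.to_bytes(6, "big")
    info.update(
        ticks_100ns=ticks,
        created_utc=GREGORIAN_EPOCH + timedelta(microseconds=ticks // 10),
        clock_seq=clock_seq_field & 0x3FFF,
        node=":".join(f"{b:02x}" for b in mac),
        # RFC 4122: a node ID that is not a real IEEE 802 address
        # must have the multicast bit set.
        node_is_random=bool(mac[0] & 0x01),
    )
    return info

if __name__ == "__main__":
    for guid in ("e56d9850-e9a7-11e0-9572-0800200c9a66",
                 "acfb0e5e-4869-405a-a36e-852a1688bce7"):
        print(guid, inspect_guid(guid))
```

For identifiers that leave your system (URLs, tokens, log exports), the same check can be used in a test to confirm that only version 4 values are emitted.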

Microsoft started using version 4 from Windows 2000: "The upper four bits of the timestamp section contain the GUID's version that specifies the content of each section. Before Windows 2000, the CoCreateGuid function generated version 1 GUIDs. With Windows 2000, Microsoft switched to version 4 GUIDs, since embedding the MAC address was viewed as a security risk. The PocketGuid class also generates version 4 GUIDs." It is also worth mentioning that .NET and SQL Server use the underlying OS algorithm to generate GUIDs, and as such you are guaranteed to get V4 GUIDs.

Hope this helps.

If you enjoyed this article/quiz, you can subscribe to GeekQuiz blog or follow GeekQuiz on twitter.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Mehdi Khalili
Software Developer (Senior) ThoughtWorks
United States
I work as a Senior Consultant for ThoughtWorks
Last Updated 30 Nov 2011
Article Copyright 2011 by Mehdi Khalili