Create a cryptographically secure random GUID in .NET

c# .net security guid
jedd.ahyoung picture jedd.ahyoung · May 11, 2016 · Viewed 8.3k times · Source

I want to create a cryptographically secure GUID (v4) in .NET.

.NET's Guid.NewGuid() function is not cryptographically secure, but .NET does provide the System.Security.Cryptography.RNGCryptoServiceProvider class.

I would like to be able to pass a random number function as a delegate to Guid.NewGuid (or even pass some class that provides a generator interface) but it doesn't look as though that is possible with the default implementation.

Can I create a cryptographically secure GUID by using System.GUID and System.Security.Cryptography.RNGCryptoServiceProvider together?

Answer

Gusman picture Gusman · May 11, 2016

Yes you can, Guid allows you to create a Guid using a byte array, and RNGCryptoServiceProvider can generate a random byte array, so you can use the output to feed a new Guid:

public Guid CreateCryptographicallySecureGuid() 
{
    using (var provider = new RNGCryptoServiceProvider()) 
    {
        var bytes = new byte[16];
        provider.GetBytes(bytes);

        return new Guid(bytes);
    }
}

Related questions

Why is JsonRequestBehavior needed?

Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate the action with the [HttpPost] attribute Example: [HttpPost] public JsonResult Foo() { return Json("Secrets"); } // Instead of: public JsonResult Foo() { return …

Read More
Convert String to SecureString

How to convert String to SecureString?

Read More
How to convert SecureString to System.String?

All reservations about unsecuring your SecureString by creating a System.String out of it aside, how can it be done? How can I convert an ordinary System.Security.SecureString to System.String? I'm sure many of you who are familiar …

Read More