What is the probability of guessing (matching) a Guid?

RhinoDevX64 picture RhinoDevX64 · Feb 2, 2011 · Viewed 10.3k times · Source

Just curious but what is the probability of matching a Guid?

Say a Guid from SQL server: 5AC7E650-CFC3-4534-803C-E7E5BBE29B3D

is it a factorial?: (36*32)! = (1152)!

discuss =D

Answer

jason picture jason · Feb 2, 2011

It's not clear what you're asking. I see two ways to interpret your question.

  1. Given a GUID g, what is the probability of someone guessing it? Let's assume for simplicity that all 128 bits of a GUID are available. Then the probability of guessing g is 2^-128. That's small. Let's get some intuition around that. Let's assume that our attacker can generate one billion GUIDs per second. To have a 50% chance of guessing g, our attacker would have to generate 2^127 GUIDs. At a rate of one billion per second, it would take 5391448762278159040348 years to generate 2^127 GUIDs.

  2. We are generating a collection of guids. What is the likelihood of a collision? That is, what is the likelihood that we generate two guids with the same value? This is the birthday paradox. If you generate a sequence of n GUIDs randomly, then the probability of at least one collision is approximately p(n) = 1 - exp(-n^2 / 2 * 2^128) (this is the birthday problem with the number of possible birthdays being 2^128).

n p(n) 2^30 1.69e-21 2^40 1.77e-15 2^50 1.86e-10 2^60 1.95e-03

So, even if you generate 2^60 GUIDs, the odds of a collision are extremely small. If you can generate one billion GUIDs per second, it would still take 36 years to have a 1.95e-03 chance of a collision.