jedd.ahyoung jedd.ahyoung - 1 month ago 9
C# Question

Create a cryptographically secure random GUID in .NET

I want to create a cryptographically secure GUID (v4) in .NET.

.NET's

Guid.NewGuid()
function is not cryptographically secure, but .NET does provide the
System.Security.Cryptography.RNGCryptoServiceProvider
class.

I would like to be able to pass a random number function as a delegate to
Guid.NewGuid
(or even pass some class that provides a generator interface) but it doesn't look as though that is possible with the default implementation.

Can I create a cryptographically secure GUID by using
System.GUID
and
System.Security.Cryptography.RNGCryptoServiceProvider
together?

Answer

Yes you can, Guid allows you to create a Guid using a byte array, and RNGCryptoServiceProvider can generate a random byte array, so you can use the output to feed a new Guid:

public Guid CreateCryptographicallySecureGuid() {
    using (var provider = new RNGCryptoServiceProvider()) {
        var bytes = new byte[16];
        provider.GetBytes(bytes);

        return new Guid(bytes);
    }
}
Comments