UUID – WindowsTechs.com

What are possible security considerations of using ULID for unique identifiers?

Posted on February 28, 2024 by Garrett Albright

ULID is a specification for unique identifiers which is intended as an alternative to traditional UUID. Some of the major differences are:

The creation date of the identifier is encoded into part of the identifier.
Because of the above, t… Continue reading What are possible security considerations of using ULID for unique identifiers?→

Is it possible to crack UUID [closed]

Posted on February 6, 2024 by Ali Saleh

I was testing on a webapp, and I came to the password reset functionality, when the reset link received,It contains UUID and a token,each user has his own UUID, I believe that the UUID is generated by using a userid and some kind of salt, … Continue reading Is it possible to crack UUID [closed]→

Can UUID v7 be treated as a unguessable, opaque identifier?

Posted on October 2, 2023 by Jonas

RFC4122bis specifies UUID v7, a version which contains 74 bits of randomness.
Assuming I use a CSPRNG to generate the random bits: Are these UUIDs considered to be unguessable and are enough to prevent attacks such as IDOR?

Continue reading Can UUID v7 be treated as a unguessable, opaque identifier?→

Could the signature of a JWT/JWS be used as a globally unique identifier?

Posted on June 15, 2023 by Travis Reeder

In other words, is a signature on a JWT or JWS always unique?

Continue reading Could the signature of a JWT/JWS be used as a globally unique identifier?→

Collision probability between truncating vs subsequencing of SHA256 hash to 128 bits?

Posted on December 27, 2022 by twentyfifthnight

I am taking a SHA256 hash output in hexadecimal (64 hex nibbles), subsequencing it by taking every other character to make it 32 hex nibbles or 128 bits, and formatting it into a UUID string.
This isn’t being used for security purposes, ma… Continue reading Collision probability between truncating vs subsequencing of SHA256 hash to 128 bits?→

Can a UUID or GUID be matched back to the originating computer?

Posted on November 27, 2022 by Mawg says reinstate Monica

A comment to this question on Reddit said

It’s almost a given that somewhere in one or more files is a UUID or GUID generated on OP’s computer. Those can, with enough effort, be matched back to the originating computer.

That seems like n… Continue reading Can a UUID or GUID be matched back to the originating computer?→

I’m testing an app that uses only v4 UUIDs as a cookie for authentication. What are some attacks I can try?

Posted on May 11, 2022 by study man

What are some attacks I can try against this form of authentication? How do I test if they are cryptographically secure as well?

Continue reading I’m testing an app that uses only v4 UUIDs as a cookie for authentication. What are some attacks I can try?→

UUIDs replacing inremental IDs in URLs

Posted on January 4, 2022 by myol

I am reading about implementing UUIDs in URLs instead of incremental IDs to reduce attack vectors using obfuscation. I plan to create a UUID from an incremental ID and store the UUID which would be used to access the data.
As per the speci… Continue reading UUIDs replacing inremental IDs in URLs→

Is UUID enough to secure public links? [duplicate]

Posted on September 12, 2021 by SeaBass

I send email invitations to people and each invitee gets a unique link where they can click on a button to leave a response. The data is not very secret, the worst thing that can happen is that someone leaves a response for someone else, b… Continue reading Is UUID enough to secure public links? [duplicate]→

Creating a unique password for each device/unit of the same product

Posted on August 5, 2021 by Baranikumar Venkatesan

We are currently working on an IoT product & having a hard time coming up with a strategy to create a unique password for each device/unit.
I do understand that password based on a function of { serial number, CPU id, MAC address or ti… Continue reading Creating a unique password for each device/unit of the same product→