{"id":11815,"date":"2015-07-24T10:35:58","date_gmt":"2015-07-24T14:35:58","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=11815"},"modified":"2015-07-24T10:35:58","modified_gmt":"2015-07-24T14:35:58","slug":"dont-use-guids-as-passwords","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/07\/24\/dont-use-guids-as-passwords\/","title":{"rendered":"Don&rsquo;t Use GUIDs As Passwords"},"content":{"rendered":"<p><a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2015\/07\/01\/10624287.aspx\">Raymond Chen<\/a>:<\/p>\n<blockquote cite=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2015\/07\/01\/10624287.aspx\"><p>This is a really bad idea. GUIDs are designed for uniqueness, not for security.<\/p>\n<p>\nFor example, we saw that\n<a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2008\/06\/27\/8659071.aspx\">\nsubstrings of GUIDs are not unique<\/a>.\nFor example, in the classic v1 algorithm,\nthe first part of the GUID is a timestamp.\nTimestamps are a great technique for helping\nto build uniqueness, but they are horrifically\ninsecure because, well, duh, the current time\nis hardly a secret!\n<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Raymond Chen: This is a really bad idea. GUIDs are designed for uniqueness, not for security. For example, we saw that substrings of GUIDs are not unique. For example, in the classic v1 algorithm, the first part of the GUID is a timestamp. Timestamps are a great technique for helping to build uniqueness, but they [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[71,48],"class_list":["post-11815","post","type-post","status-publish","format-standard","hentry","category-technology","tag-programming","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=11815"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11815\/revisions"}],"predecessor-version":[{"id":11816,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11815\/revisions\/11816"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=11815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=11815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=11815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}