Here's an excellent breakdown by Raymond Chen

这是 Raymond Chen 的精彩分析

No fixed-length value can ever guarantee to be 100% unique (just call it enough times, give or take the universe ending ;-p) - but it can be very, very, very unlikely to duplicate.

没有固定长度的值可以保证 100% 唯一（只要调用它足够多的次数，给予或接受宇宙结尾;-p） - 但它可能非常、非常、非常不可能重复。

I can't speak to the predictability of sequential numbers but it will be unique. I think you'd be better off using a random number generator from System.Security.Cryptography, though. Tie a random number with a monotonically increasing value (time) to generate your unique key and you can be sure that it is unique and not predictable.

我不能说序列号的可预测性，但它是独一无二的。不过，我认为您最好使用 System.Security.Cryptography 中的随机数生成器。将随机数与单调递增的值（时间）联系起来以生成您的唯一密钥，您可以确定它是唯一的且不可预测的。

The documentation for System.Guid.NewGuid() makes no guarantees for randomness, so while the current implementation is based on a random number generator (it's version 4 of the algorithm, which was devised after privacy concerns arose from version 1 which used the MAC address; other system's like Apple's OS X still use version 1 of the algorithm).

System.Guid.NewGuid() 的文档不保证随机性，因此虽然当前的实现基于随机数生成器（它是算法的第 4 版，该算法是在使用 MAC 的第 1 版引起隐私问题后设计的地址；其他系统如 Apple 的 OS X 仍然使用算法的第 1 版）。

So while you have a very high probabilty of System.Guid.NewGuid() generating a unique value, you can't make any assumptions about its predictability because that's not specified by the documentation.

因此，虽然 System.Guid.NewGuid() 生成唯一值的概率非常高，但您无法对其可预测性做出任何假设，因为文档中未指定。

I dunno about .NET, but the UUID algorithmis defined fairly precisely.

我不知道 .NET，但UUID 算法的定义相当精确。

edit: if you look at the appropriate bits (see wikipedia entry), that should explain which version of UUID is being used.

编辑：如果您查看适当的位（请参阅维基百科条目），那应该解释正在使用哪个版本的 UUID。

edit 2: a red flag for your use of the word "secure", which tells me you're better off using a well-defined cryptographic method. For example, when generating session IDs on a server, why just not do something simple like apply an MD5 hash to the concatenation of an appropriate subset of the following: {client machine IP address, sequentially incremented counter, fixed secret constant of your choice, output from random number generator of your choice, etc.} ?

编辑 2： 使用“安全”一词的危险信号，它告诉我您最好使用定义明确的加密方法。例如，在服务器上生成会话 ID 时，为什么不做一些简单的事情，例如将 MD5 哈希应用于以下适当子集的串联：{客户端机器 IP 地址，顺序递增的计数器，您选择的固定秘密常量，您选择的随机数生成器的输出等} ?

Assuming that System.Guid.NewGuid uses CoCreateGuid, it is not random at all. Historically, the algorithm used for creating guids was to incorporate the MAC address from a network adapter, in addition to some other things like the time. I'm not sure if the algorithm has changed. While it certainly is not random, it is guaranteed to be unique.

假设 System.Guid.NewGuid 使用 CoCreateGuid，它根本不是随机的。从历史上看，用于创建 guid 的算法是合并来自网络适配器的 MAC 地址，以及时间等其他一些东西。我不确定算法是否已更改。虽然它肯定不是随机的，但它保证是唯一的。

I basically want to know if I can trust the GUID to generate a value which will be unique 100% of the time and impossible to predict.

I'm basically rolling my on login system for a website and want to know if the GUID is secure enough for session cookies.

我基本上想知道我是否可以信任 GUID 生成一个值，该值在100% 的情况下都是唯一的并且无法预测。

我基本上是在启动网站的登录系统，并想知道GUID 对于会话 cookie 是否足够安全。

Short answer: not at all. It's important to note that uniqueand randomare completely different. If you had a universal counter (like taking a number at a deli), those numbers are unique, but completely predictable.

简短的回答：完全没有。需要注意的是unique和random是完全不同的。如果你有一个通用计数器（比如在熟食店取一个数字），这些数字是唯一的，但完全可以预测。

As Bochu notes above, Raymond's post here talks about it: https://blogs.msdn.microsoft.com/oldnewthing/20120523-00/?p=7553/

正如 Bochu 上面提到的，Raymond 的帖子在这里谈到了它：https://blogs.msdn.microsoft.com/oldnewthing/20120523-00/?p=7553 /

The GUID generation algorithm was designed for uniqueness. It was not designed for randomness or for unpredictability.Indeed, if you look at an earlier discussion, you can see that so-called Algorithm 1 is non-random and totally predictable. ... Even the Version 4 GUID algorithm (which basically says "set the version to 4 and fill everything else with random or pseudo-random numbers") is not guaranteed to be unpredictable, because the algorithm does not specify the quality of the random number generator.

GUID 生成算法是为唯一性而设计的。它不是为随机性或不可预测性而设计的。事实上，如果您查看之前的讨论，您会发现所谓的算法 1 是非随机的且完全可预测的。...即使是第 4 版 GUID 算法（基本上说“将版本设置为 4 并用随机数或伪随机数填充其他所有内容”）也不能保证是不可预测的，因为该算法没有指定随机数的质量数字生成器。

For secure random numbers, you need a crytographically secure random number generator.

对于安全的随机数，您需要一个密码学安全的随机数生成器。

By the way, "rolling my own login system" is a security red flag -- I would be remiss if I didn't point that out.

顺便说一句，“滚动我自己的登录系统”是一个安全危险信号——如果我不指出这一点，我就会失职。

GUIDs are, by definition, unique in all regards. There were, once upon a time, some GUID0-generation routines that were generating sequential GUIDs, but those were problems in... Win98, I think, and were hotfixed by Microsoft.

根据定义，GUID 在所有方面都是独一无二的。曾几何时，有一些生成顺序 GUID 的 GUID0 生成例程，但这些是... Win98 中的问题，我认为，并且由 Microsoft 进行了热修复。

You should be able to trust a generated GUID to be unique and never repeated or regenerated.

您应该能够相信生成的 GUID 是唯一的并且永远不会重复或重新生成。

(EDIT: Having said that, we all understand that a string of alphanumeric characters has a fixed number of permutations, if the string is fixed in length. But in the case of a GUID the number of permutations is economical*.)

（编辑：话虽如此，我们都明白，如果字符串的长度是固定的，那么一串字母数字字符具有固定数量的排列。但在 GUID 的情况下，排列数量是经济的*。）

(* Dammit, where's that XKCD where the proposes "astronomic" numbers aren't large enough?)

（* 该死的，建议“天文”数字不够大的 XKCD 在哪里？）