Friday, 19 April 2013

Is RNGCryptoServiceProvider is 'fast enough' to create a GUID (and using O2’s C# REPL to quickly test some C# code (i.e. s)

Earlier today Kofi (TM Dev) asked me if we could use the .NET's RNGCryptoServiceProvider (see Generating Cryptographically Secure Random Numbers) to create GUIDs:

Where he pointed to the TeamMentor’s Issue 258 at GitHub


and this code sample (in this Gist):


How slow is 10x?

That code looks good (it is basically using the RNGCryptoServiceProvider to create 16 bytes which are then used to create a GUID), so my only question was ‘how slow is 10x’?

Since that code cannot be executed from that Gist, I quickly converted it into a C# REPL script which I could executed locally (see code here)


I added a couple small changes, like for example the use of a captured Console Out popup window:


So that when executed it looks like this:


To see the minimum amount of time required to create a couple GUIDs, here are more tests:


Result’s analysis:

This is how long it takes to create the different types of GUIDs (normal and 'secure'):
  • 1000000x (1 Million) GUIDS take 182ms
  • 1000000x (1 Million) ‘secure’ GUIDS take 3,647ms  (3,5 secs)
  • 5000x GUIDS take 21ms
  • 5000x ‘secure’ GUIDS take 78ms
  • 1x to 200x GUIDS take about 1ms
  • 1x ‘secure’ GUIDS take 17ms
  • 1x ‘secure’ GUIDS take 16ms
  • 5x ‘secure’ GUIDS take 14ms
  • 25x ‘secure’ GUIDS take 18ms
  • 50x ‘secure’ GUIDS take 14ms
  • 100x ‘secure’ GUIDS take 16ms
  • 200x ‘secure’ GUIDS take 14ms
basically it looks like we can create a ‘secure’ GUID in about 15ms , which is pretty good and shouldn't have any noticeable impact on TM’s performance.

After looking about this, I have three questions:
  • Why doesn't the .NET framework provide the ‘secure’ GUID version by default?
  • Is there a native to .Net 'secure GUID' function?
  • Is there a faster way to calculate this GUID? (just curious about it, since the current solutions is fast enough for TeamMentor)

Using online C# REPL

With the converted script already in REPL format, it was easy to modify it so that I could run it on the O2’ C# WEB REPL GUI:


we can also confirm that the secure GUIDs are quite quick to create (50000 in 557ms)


Here is the saved version of this script:

1 comment:

Unknown said...

Which if any of them suffer from entropy exhaustion, and how many GUIDs can be generated before that happens?