Security Guide
Security Overview
The UUID library is designed with security in mind and uses cryptographically secure random number generation by default.
Key Security Features
- Cryptographically secure random number generation
- Protection against timing attacks
- Safe string parsing and validation
- Thread-safe operations
Random Number Generation
Secure Generation
UUID uses System.Security.Cryptography.RandomNumberGenerator for secure random number generation:
// Automatically uses secure RNG
var uuid = new UUID();
// For bulk operations
UUID[] uuids = new UUID[1000];
ArrayExtension.Fill(uuids); // Still uses secure RNG
Security Best Practices
Recommended Practices
- Always validate UUID inputs
- Use TryParse for untrusted input
- Store UUIDs in their binary form when possible
- Use URL-safe Base32 encoding for web contexts
Practices to Avoid
- Don't use UUIDs for sensitive data encoding
- Don't use UUIDs as security tokens
- Don't assume sequential UUIDs are secure
- Don't expose internal UUID representation
Input Validation
Safe Parsing
Always use TryParse for untrusted input:
// Safe parsing of untrusted input
public bool ValidateUserInput(string input)
{
    if (UUID.TryParse(input, out var uuid))
    {
        // Input is a valid UUID
        ProcessValidUUID(uuid);
        return true;
    }
    return false;
}
Secure Storage
Database Storage
Best practices for storing UUIDs in databases:
-- SQL Server
CREATE TABLE Users (
    Id BINARY(16) PRIMARY KEY -- Most efficient
    -- or, if you need the native UUID type, declare the column as:
    -- Id UNIQUEIDENTIFIER PRIMARY KEY
);
Entity Framework
Configure EF Core for secure UUID handling:
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
    modelBuilder.Entity<User>()
        .Property(e => e.Id)
        .HasConversion(
            v => v.ToByteArray(), // Store as binary
            v => new UUID(v));
}
Cryptographic Notes
Important Security Notes
- UUIDs are not suitable for cryptographic purposes
- Do not use UUIDs to store sensitive information
- UUIDs are not guaranteed to be unique across systems
- Use proper cryptographic functions for security-critical operations
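The following is an added example, not code from the UUID library, showing what "use proper cryptographic functions" can look like in place of a UUID used as a security token: the UUID stays the record identifier, while the secret is a separate 256-bit value that is stored only as a hash and compared in constant time. The names SessionTokens, Issue and Verify are hypothetical; only .NET 6+ base class library APIs are used.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration, not part of the UUID library.
// SessionTokens, Issue and Verify are hypothetical names.
public static class SessionTokens
{
    private const int TokenBytes = 32; // 256 bits drawn from the OS CSPRNG

    // Returns the token to hand to the client and the hash to persist.
    // Persisting only the hash means a leaked table does not yield usable tokens.
    public static (string Token, byte[] StoredHash) Issue()
    {
        byte[] raw = RandomNumberGenerator.GetBytes(TokenBytes);
        return (Convert.ToHexString(raw), SHA256.HashData(raw));
    }

    // Validates an untrusted token string against the stored hash.
    public static bool Verify(string? presented, byte[] storedHash)
    {
        // Reject missing or wrong-length input before decoding anything.
        if (presented is null || presented.Length != TokenBytes * 2)
            return false;

        byte[] raw;
        try { raw = Convert.FromHexString(presented); }
        catch (FormatException) { return false; } // non-hex characters

        // Constant-time comparison: timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(
            SHA256.HashData(raw), storedHash);
    }
}

public static class Program
{
    public static void Main()
    {
        var (token, hash) = SessionTokens.Issue();
        Console.WriteLine(SessionTokens.Verify(token, hash));               // issued token
        Console.WriteLine(SessionTokens.Verify(new string('0', 64), hash)); // well-formed guess
        Console.WriteLine(SessionTokens.Verify("not-a-token", hash));       // malformed input
    }
}
```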