问题
This question here is about creating an authentication scheme. The accepted answer given by AviD states
Your use of a cryptographic nonce is also important, that many tend to skip over - e.g. "lets just use a GUID"...
Which leads me to my question. Why wouldn't you just use a GUID?
回答1:
Whenever you randomly generate a random number intended to be used in cryptography, you should be really sure that the number is really random. GUIDs tend to be generated based on values that can be discovered, guessed or inferred, such as current system time or a network card MAC address, and thus the nonce could potentially be guessed.
回答2:
Nonces should be random (or at least non-guessable). GUIDs have quite a bit of non-randomness to them (I'm not sure how many bits of entropy are in a GUID).
来源:https://stackoverflow.com/questions/3221710/what-is-the-difference-between-a-nonce-and-a-guid