To start, and define guid, i am using a .net framework Guid This is somewhat a hypothetical situation Users when preforming a specific action have guids generated. Each user can see their own guids. If a user was to know one of another user's guid there would be a security compromise.
How safe is this system if we asume that a user has no way to steal another user's guid and can only guess it?
I understand that blindly guessing guids is impossible. Even if they had a million success values, they would still have only a 10^20 chance of a successful guess
Where i am afraid a problem may exist is guid prediction. Can a user generate a large number of requests, look at the guids he got, and knowing the .net guid generation formula greatly improve his odds of guessing? Can these odds be reduced to a point where they would be a security concern? In that case how should keys be generated in a unique non guessable way?
I ask anyone who mentions the odds of guesses/collisions to add some hard meaning to it. Either an exact number to define odds, or something like, "it can be used to store account data, but not sensitive data"
EDIT
this question seems to go well into the territory I originally sought to explore with this question Is a GUID a good key for (temporary) encryption?