Quote Originally Posted by Ebon_Drake View Post
my point is it's not impossible.

How long does it take 20 people, 50 people, 100 people trying this method from as many computers before hitting on 1 valid ID that doesn't belong to them. Are you suggesting that since it took so long to get one ID that it's ok? Is it fair to the person whose account they stole?

It shouldn't be possible at all.
How long? Uh, many, many years. I don't think you realize the magnitude of the probability we are talking about here. Do you realize how many of the 2^128 GUIDs are actually active at the moment? What a million at the very very most? That's a .000000000000001% chance you are going to hit an active GUID.

Social engineering people into giving you their credentials is going to be far more successful then trying to brute force a 32 digit HEX GUID.