
Security News
Meet Socket at Black Hat and DEF CON 2025 in Las Vegas
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
A .Net ULID implementation
A GUID/UUID can be suboptimal for many use-cases because:
A ULID however:
PM> Install-Package NUlid
Or simply use the Nuget package manager GUI in Visual Studio.
Creating a ULID:
// Create a ULID
var myulid = Ulid.NewUlid();
// Print ULID
Console.WriteLine(myulid);
Output:
01ASB2XFCZJY7WHZ2FNRTMQJCT
Parsing a ULID:
// Parse ULID:
var myulid = Ulid.Parse("01ASB2XFCZJY7WHZ2FNRTMQJCT");
// Print time-part of ULID:
Console.WriteLine(myulid.Time);
Output:
4-8-2016 15:31:59 +00:00
You can also convert from/to GUID/UUID's, get the byte-representation of a ULID, create a ULID with specific timestamp and you can even specify an IUlidRng
to use for generating the randomness (by default NUlid uses the CSUlidRng
but a SimpleUlidRng
is also provided, as well as a MonotonicUlidRng
). The ULID is implemented as a struct
with (operator) overloads for (in)equality, comparison etc. built-in and is, generally, very much like .Net's native Guid
struct. An extensive helpfile is provided in the Nuget package and the testsuite also serves as a (simple) demonstration of NUlid's features.
Below is the current specification of ULID as implemented in this repository.
01AN4Z07BY 79KA1307SR9X4MV3
|----------| |----------------|
Timestamp Randomness
10 chars 16 chars
48bits 80bits
base32 base32
Timestamp
Randomness
As of v1.4.0 monotonic ULID's are supported (see below).
When generating a ULID within the same millisecond, it is possible to provide some guarantees regarding sort order (with some caveats). When you use the MonotonicUlidRng
and a newly generated ULID in the same millisecond is detected, the random component is incremented by 1 bit in the least significant bit position (with carrying). For example:
// Create monotonic rng
var rng = new MonotonicRng();
// Create ULIDs, assume that these calls occur within the same millisecond:
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MCX
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MCY
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MCZ
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MD0
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MD1
Console.WriteLine(Ulid.NewUlid(rng)); // 01DBN5W2SG000DCBVYHX4T6MD2
By default the most significant bit of the random part is set to zero; this ensures you can generate enough ULID's after the initial one before causing an overflow. Some implementations simply pick a random value for the random part and increment this value, however, there's a (very small) chance that this random part is close to the overflow value. If you then happen to generate a lot of ULID's within the same millisecond there is a risk the you hit the overflow. By our method we ensure there's enough 'room' for new values before 'running out of values' (overflowing). It is, with some effort, even possible to 'resume counting' from any given ULID.
Crockford's Base32 is used as shown. This alphabet excludes the letters I, L, O, and U to avoid confusion and abuse.
0123456789ABCDEFGHJKMNPQRSTVWXYZ
The components are encoded as 16 octets. Each component is encoded with the Most Significant Byte first (network byte order).
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 32_bit_uint_time_high |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 16_bit_uint_time_low | 16_bit_uint_random |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 32_bit_uint_random |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 32_bit_uint_random |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ttttttttttrrrrrrrrrrrrrrrr
Where:
t
is Timestamp
r
is Randomness
Based on / inspired by alizain/ulid.
Below measurements are based on an Intel(R) Core(TM) i9-10900X CPU @ 3.70Ghz:
BenchmarkDotNet v0.14.0, Windows 11 (10.0.26100.4061)
Intel Core i9-10900X CPU 3.70GHz, 1 CPU, 20 logical and 10 physical cores
.NET SDK 9.0.204
[Host] : .NET 9.0.5 (9.0.525.21509), X64 RyuJIT AVX-512F+CD+BW+DQ+VL
DefaultJob : .NET 9.0.5 (9.0.525.21509), X64 RyuJIT AVX-512F+CD+BW+DQ+VL
| Method | Mean | Error | StdDev | Gen0 | Allocated |
|------------------------------------- |-----------:|----------:|----------:|-------:|----------:|
| Guid.NewGuid() | 61.045 ns | 0.4488 ns | 0.3978 ns | - | - |
| Ulid.NewUlid(SimpleUlidRng) | 35.331 ns | 0.2170 ns | 0.1694 ns | - | - |
| Ulid.NewUlid(CSUlidRng) | 104.516 ns | 0.5099 ns | 0.4258 ns | - | - |
| Ulid.NewUlid(SimpleMonotonicUlidRng) | 51.985 ns | 0.3772 ns | 0.3344 ns | - | - |
| Ulid.NewUlid(CSMonotonicUlidRng) | 52.000 ns | 0.1184 ns | 0.1050 ns | - | - |
| Guid.Parse(string) | 100.885 ns | 1.2808 ns | 1.1354 ns | 0.0095 | 96 B |
| Ulid.Parse(string) | 199.476 ns | 3.2495 ns | 3.0396 ns | 0.0181 | 184 B |
| Guid.ToString() | 76.089 ns | 0.8230 ns | 0.6426 ns | 0.0095 | 96 B |
| Ulid.ToString() | 131.441 ns | 0.5919 ns | 0.4943 ns | 0.0079 | 80 B |
| 'new Guid(byte[])' | 9.341 ns | 0.1644 ns | 0.1538 ns | 0.0040 | 40 B |
| 'new Ulid(byte[])' | 11.045 ns | 0.1987 ns | 0.1951 ns | 0.0040 | 40 B |
| Guid.ToByteArray() | 65.470 ns | 0.1393 ns | 0.1163 ns | 0.0039 | 40 B |
| Ulid.ToByteArray() | 111.239 ns | 0.9540 ns | 0.7966 ns | 0.0038 | 40 B |
| Ulid.ToGuid() | 106.292 ns | 0.2446 ns | 0.2043 ns | - | - |
| 'new Ulid(Guid)' | 65.200 ns | 0.2050 ns | 0.1712 ns | - | - |
FAQs
A .Net ULID implementation
We found that nulid demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.