This question here is about creating an authentication scheme. The accepted answer given by AviD states
Your use of a cryptographic nonce is also impo
Whenever you randomly generate a random number intended to be used in cryptography, you should be really sure that the number is really random. GUIDs tend to be generated based on values that can be discovered, guessed or inferred, such as current system time or a network card MAC address, and thus the nonce could potentially be guessed.