Here's an excellent breakdown by Raymond Chen

I dunno about .NET, but the UUID algorithm is defined fairly precisely.

edit: if you look at the appropriate bits (see wikipedia entry), that should explain which version of UUID is being used.

edit 2: a red flag for your use of the word "secure", which tells me you're better off using a well-defined cryptographic method. For example, when generating session IDs on a server, why just not do something simple like apply an MD5 hash to the concatenation of an appropriate subset of the following: {client machine IP address, sequentially incremented counter, fixed secret constant of your choice, output from random number generator of your choice, etc.} ?

Assuming that System.Guid.NewGuid uses CoCreateGuid, it is not random at all. Historically, the algorithm used for creating guids was to incorporate the MAC address from a network adapter, in addition to some other things like the time. I'm not sure if the algorithm has changed. While it certainly is not random, it is guaranteed to be unique.

No fixed-length value can ever guarantee to be 100% unique (just call it enough times, give or take the universe ending ;-p) - but it can be very, very, very unlikely to duplicate.

I basically want to know if I can trust the GUID to generate a value which will be unique 100% of the time and impossible to predict.

I'm basically rolling my on login system for a website and want to know if the GUID is secure enough for session cookies.

Short answer: not at all. It's important to note that unique and random are completely different. If you had a universal counter (like taking a number at a deli), those numbers are unique, but completely predictable.

As Bochu notes above, Raymond's post here talks about it: https://blogs.msdn.microsoft.com/oldnewthing/20120523-00/?p=7553/

The GUID generation algorithm was designed for uniqueness. It was not designed for randomness or for unpredictability. Indeed, if you look at an earlier discussion, you can see that so-called Algorithm 1 is non-random and totally predictable. ... Even the Version 4 GUID algorithm (which basically says "set the version to 4 and fill everything else with random or pseudo-random numbers") is not guaranteed to be unpredictable, because the algorithm does not specify the quality of the random number generator.

For secure random numbers, you need a crytographically secure random number generator.

By the way, "rolling my own login system" is a security red flag -- I would be remiss if I didn't point that out.

I can't speak to the predictability of sequential numbers but it will be unique. I think you'd be better off using a random number generator from System.Security.Cryptography, though. Tie a random number with a monotonically increasing value (time) to generate your unique key and you can be sure that it is unique and not predictable.