Phobos randomUUID is not suitable to generate secrets
cpicard at purrfect.fr
Mon Aug 31 14:14:12 UTC 2020
On Monday, 31 August 2020 at 14:02:00 UTC, wjoe wrote:
> On Monday, 31 August 2020 at 07:49:24 UTC, Cym13 wrote:
> Very insightful article, thank you.
> I don't think the right approach to solve any problem is to
> silently support misuse.
> A better way, IMHO, would be to
> 1) Add a generateSecret() function to Phobos, and
> 2) Add a Warning to the docs and the use of the function that
> says something like: "A Universally Unique Identifier (UUID) is
> *not* a secret and shouldn't be used as such. This includes
> session cookies, password reset tokens, etc. For such purposes
> use generateSecret() instead. This message can be disabled by
> providing version=IUnderstandThatUUIDsAreNotSecrets", and
> 3) Silently implement randomUUID() to use generateSecret()
> because people aren't listening.
> I believe a big part of any solution is to destroy assumptions
> and to make people aware of their misconceptions/mistakes.
It's not a bad battleplan even though a warning at function use
might be a bit cumbersome :) One of my favourite initiatives for
security, all languages considered, is Python's standard module
"secrets" (see ). It exposes very few things: 1) the system's
CSPRNG, 2) various token generators (for example a binary one and
a url-base64 encoded one to reduce encoding mistakes) and 3) a
constant-time string comparison function. That's it. Most of
these things are actually defined elsewhere. But it worked well
and now whenever a python project requires something that has to
do with manipulating secrets people are redirected toward that
module where they can use stuff with minimal chance to get it
More information about the Digitalmars-d
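Added example, not code from this thread, from Phobos or from Python's own sources: the three things cpicard's post says Python's `secrets` module exposes (the system CSPRNG, token generators, a constant-time compare), used the way a web service would use them, plus an empirical check of the point the thread is about. The check counts which bit positions never change across many outputs: a version-4 UUID always has 6 fixed version/variant bits, while CSPRNG output has none. Function names and the 500-sample count are my choices; everything else is the standard library.

```python
import secrets
import uuid

# 1) The system CSPRNG. secrets.randbelow() draws from os.urandom() via
#    SystemRandom and rejects out-of-range values, so there is no modulo
#    bias. Use it wherever you would otherwise reach for random.randint.
def random_index(n: int) -> int:
    """Uniform integer in [0, n) from the system CSPRNG."""
    return secrets.randbelow(n)

# 2) Token generators. Three encodings of the same kind of randomness;
#    picking the encoded form from the library is what avoids the
#    "base64 then strip the wrong characters" class of mistakes.
def new_session_token(nbytes: int = 32) -> str:
    """URL-safe base64 text, suitable for a cookie or reset link.
    32 random bytes encode to 43 characters (no padding)."""
    return secrets.token_urlsafe(nbytes)

def new_api_key(nbytes: int = 32) -> str:
    """Hex text, 2 characters per random byte."""
    return secrets.token_hex(nbytes)

def new_raw_key(nbytes: int = 32) -> bytes:
    """Raw bytes, e.g. for an HMAC key."""
    return secrets.token_bytes(nbytes)

# 3) Constant-time comparison. `==` on str/bytes returns at the first
#    differing character, so its timing reveals the length of the
#    matching prefix; compare_digest does not.
def token_matches(presented: str, stored: str) -> bool:
    return secrets.compare_digest(presented, stored)

# Empirical check of "a UUID is not a secret": which bit positions are
# identical in every sample? Index 0 is the most significant bit of byte 0.
def constant_bit_positions(gen, nbytes: int, samples: int = 500) -> list:
    """Positions whose bit value never changes across `samples` outputs
    of gen(), which must return `nbytes` bytes each call."""
    nbits = nbytes * 8
    mask = (1 << nbits) - 1
    first = int.from_bytes(gen(), "big")
    or_acc = and_acc = first
    for _ in range(samples - 1):
        v = int.from_bytes(gen(), "big")
        or_acc |= v      # 1 somewhere -> position is not always 0
        and_acc &= v     # 0 somewhere -> position is not always 1
    always_one = and_acc
    always_zero = ~or_acc & mask
    constant = always_one | always_zero
    return [i for i in range(nbits) if (constant >> (nbits - 1 - i)) & 1]

def uuid4_fixed_bits() -> list:
    """RFC 4122 fixes the version nibble (bits 48-51 = 0100) and the
    top two variant bits (bits 64-65 = 10), so even a UUID built from a
    CSPRNG carries at most 122 random bits and a known structure."""
    return constant_bit_positions(lambda: uuid.uuid4().bytes, 16)

def csprng_fixed_bits() -> list:
    """token_bytes has no format: no position is fixed."""
    return constant_bit_positions(lambda: secrets.token_bytes(16), 16)

if __name__ == "__main__":
    print("uuid4 fixed bit positions :", uuid4_fixed_bits())
    print("token_bytes fixed positions:", csprng_fixed_bits())
    tok = new_session_token()
    print("session token:", tok, "matches itself:", token_matches(tok, tok))
```

The bit-position check is the practical version of the thread's argument: the fixed bits are the visible part of a UUID's contract, and the rest of the contract (how the other 122 bits are generated) is not promised to be unpredictable at all, which is why a dedicated secret generator, like wjoe's proposed generateSecret(), is the right tool.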