Phobos randomUUID is not suitable to generate secrets

Cym13 cpicard at
Mon Aug 31 14:14:12 UTC 2020

On Monday, 31 August 2020 at 14:02:00 UTC, wjoe wrote:
> On Monday, 31 August 2020 at 07:49:24 UTC, Cym13 wrote:
>> [...]
> Very insightful article, thank you.
> I don't think the right approach to solve any problem is to 
> silently support misuse.
> A better way, IMHO, would be to
> 1) Add a generateSecret() function to Phobos, and
> 2) Add a Warning to the docs and the use of the function that 
> says something like: "A Universally Unique Identifier (UUID) is 
> *not* a secret and shouldn't be used as such. This includes 
> session cookies, password reset tokens, etc.. For such purposes 
> use generateSecret() instead. This message can be disabled by 
> providing version=IUnderstandThatUUIDsAreNotSecrets", and
> 3) Silently implement randomUUID() to use generateSecret() 
> because people aren't listening.
> I believe a big part of any solution is to destroy assumptions 
> and to make people aware of their misconceptions/mistakes.

It's not a bad battleplan even though a warning at function use 
might be a bit cumbersome :) One of my favourite initiatives for 
security, all languages considered, is Python's standard module 
"secrets" (see [1]). It exposes very few things: 1) the system's 
CSPRNG, 2) various token generators (for example a binary one and 
a url-base64 encoded one to reduce encoding mistakes) and 3) a 
constant-time string comparison function. That's it. Most of 
these things are actually defined elsewhere. But it worked well 
and now whenever a Python project requires something that has to 
do with manipulating secrets people are redirected toward that 
module where they can use stuff with minimal chance to get it 

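As an added example, not code from the thread, from Phobos or from Python's own library: a small helper in the shape of the generateSecret() wjoe proposes, built only from the three things the post credits Python's secrets module with (the OS CSPRNG, a URL-safe token encoder and a constant-time comparison). The surrounding reset-token scheme, storing a hash server-side and refusing short sizes, is an assumption of mine.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

TOKEN_BYTES = 32  # 256 bits of entropy; a UUIDv4 carries only 122 random bits


def generate_secret(nbytes: int = TOKEN_BYTES) -> str:
    """Return a URL-safe base64 token drawn from the OS CSPRNG.

    Refusing short tokens is part of the design: a helper that cannot be
    called with a weak size is harder to misuse than one that can.
    """
    if nbytes < 16:
        raise ValueError("secret must be at least 16 bytes (128 bits)")
    return secrets.token_urlsafe(nbytes)


def is_url_safe(token: str) -> bool:
    """True if the token needs no escaping in a URL or cookie value."""
    allowed = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")
    return bool(token) and set(token) <= allowed


def token_digest(token: str) -> str:
    """Hash of the token; only this is persisted, so a leaked DB leaks no live tokens."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token() -> Tuple[str, str]:
    """Return (token to send to the user, digest to store server-side)."""
    token = generate_secret()
    return token, token_digest(token)


def verify_reset_token(presented: str, stored_digest: str) -> bool:
    """Constant-time check of a presented token against the stored digest."""
    # hmac.compare_digest (what secrets.compare_digest aliases) does not stop
    # at the first differing byte, so response timing reveals nothing.
    return hmac.compare_digest(token_digest(presented), stored_digest)


if __name__ == "__main__":
    tok, digest = issue_reset_token()
    print(tok, len(tok), verify_reset_token(tok, digest))
```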
