Phobos randomUUID is not suitable to generate secrets

Cym13 cpicard at
Thu Sep 3 13:31:01 UTC 2020

On Thursday, 3 September 2020 at 13:23:39 UTC, Cym13 wrote:
> On Wednesday, 2 September 2020 at 16:49:30 UTC, Joseph Rushton 
> Wakeling wrote:
>> ...

I feel that answer was confused, let me reformulate.

You are correct when you say that randomUUID() alone just takes 
whatever the RNG provides and isn't broken by itself. Should you 
provide cryptographically secure randomness it would be OK to 
use. However I have never seen randomUUID() used with a PRNG 
other than the default one (and I searched), which is what I 
attacked in that article. The reason why I focus on UUID 
generation and not just breaking the default PRNG on its own is 
twofold: first I saw much more bad usage of randomUUID() than of 
uniform() itself, and second some people had expressed doubts 
that it was exploitable at all in this context. My main goal with 
this article is not to change randomUUID itself (as you pointed 
out, it does not present any bug), but to change the default PRNG 
used for randomUUID() to be a cryptographically secure one 
because this is the only way to prevent more people to fall into 
the same trap of expecting it to be secure.

More information about the Digitalmars-d mailing list