Phobos randomUUID is not suitable to generate secrets
Cym13
cpicard at purrfect.fr
Thu Sep 3 13:31:01 UTC 2020
On Thursday, 3 September 2020 at 13:23:39 UTC, Cym13 wrote:
> On Wednesday, 2 September 2020 at 16:49:30 UTC, Joseph Rushton
> Wakeling wrote:
>> ...
I feel that answer was confused; let me reformulate.
You are correct when you say that randomUUID() alone just takes
whatever the RNG provides and isn't broken by itself. Should you
provide cryptographically secure randomness it would be OK to
use. However I have never seen randomUUID() used with a PRNG
other than the default one (and I searched), which is what I
attacked in that article. The reason why I focus on UUID
generation and not just breaking the default PRNG on its own is
twofold: first I saw much more bad usage of randomUUID() than of
uniform() itself, and second some people had expressed doubts
that it was exploitable at all in this context. My main goal with
this article is not to change randomUUID itself (as you pointed
out, it does not present any bug), but to change the default PRNG
used for randomUUID() to be a cryptographically secure one
because this is the only way to prevent more people from falling
into the same trap of expecting it to be secure.
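To illustrate the point above, here is an added example (not code from the post, and not part of Phobos) of the usage the author says would be acceptable: feeding `randomUUID()` an input range backed by the operating system's CSPRNG instead of the default `std.random` generator. It relies on the documented Phobos overload `randomUUID(RNG)(ref RNG randomGen)`, which accepts any input range of integral values; the `UrandomRange` struct, `secureRandomUUID` function and the `/dev/urandom` path are assumptions made for this example.

```d
// Added example: a CSPRNG-backed range for std.uuid.randomUUID.
// The default randomUUID() overload draws from std.random.rndGen, which is a
// general-purpose PRNG, not a cryptographic one. Passing a range fed by the
// OS CSPRNG is one way to obtain UUIDs that are safe to use as secrets.
import std.stdio : File;
import std.uuid : randomUUID, UUID;

// Infinite input range of uints read from /dev/urandom.
// Assumption: a POSIX platform that exposes /dev/urandom.
struct UrandomRange
{
    private File dev;
    private uint current;

    this(string path)
    {
        dev = File(path, "rb");
        popFront();          // prime the first element
    }

    enum bool empty = false; // never runs out of entropy

    @property uint front() const { return current; }

    void popFront()
    {
        ubyte[uint.sizeof] buf;
        auto got = dev.rawRead(buf[]);
        // A short read would silently weaken the output; fail loudly instead.
        if (got.length != buf.length)
            throw new Exception("short read from /dev/urandom");
        current = *cast(uint*) buf.ptr;
    }
}

// Hypothetical helper name: builds a UUID from CSPRNG output only.
UUID secureRandomUUID()
{
    auto rng = UrandomRange("/dev/urandom");
    return randomUUID(rng); // uses the ref-RNG overload, not rndGen
}

void main()
{
    import std.stdio : writeln;
    writeln("default rndGen-backed: ", randomUUID());
    writeln("CSPRNG-backed:         ", secureRandomUUID());
}
```

The structural point is that `randomUUID` itself is unchanged; only the source of randomness differs, which is exactly why the author argues the fix belongs in the default generator rather than in `randomUUID`.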