Phobos randomUUID is not suitable to generate secrets

Paul Backus snarwin at
Sat Sep 5 13:06:14 UTC 2020

On Saturday, 5 September 2020 at 10:41:34 UTC, Johannes Pfau 
> Unfortunately, we can not silently replace this overload to use 
> a secure RNG: On linux, would we use random or urandom? And the 
> system rng can block on low entropy, which could cause 
> regressions in some applications. Also some applications (like 
> vibe.d) would probably rather block a fiber than a thread, 
> which complicates things more.

On linux, you would use /dev/urandom (or getrandom(2) if you 
don't need to support old kernel versions), since it is just as 
secure as /dev/random and does not block. [1]


More information about the Digitalmars-d mailing list