Phobos randomUUID is not suitable to generate secrets

Steven Schveighoffer schveiguy at
Sun Sep 6 01:17:59 UTC 2020

On 9/5/20 6:41 AM, Johannes Pfau wrote:
> Unfortunately, we can not silently replace this overload to use a secure
> RNG: On linux, would we use random or urandom? And the system rng can
> block on low entropy, which could cause regressions in some applications.
> Also some applications (like vibe.d) would probably rather block a fiber
> than a thread, which complicates things more.

1. The default should be changed, even if it's not as performant. There 
is no promise about randomUUID's performance.

2. vibe.d does not depend on this, so there are no worries about 
blocking a thread.


More information about the Digitalmars-d mailing list