Phobos randomUUID is not suitable to generate secrets

Johannes Pfau nospam at example.com
Sun Sep 6 11:13:48 UTC 2020


Am Sat, 05 Sep 2020 10:41:34 +0000 schrieb Johannes Pfau:

> 
> I propose the following:
> 1) Deprecate the version using the system RNG. Add a hint in the message
> that this function is not cryptographically secure. Add a reference to
> documentation how to update code.
> 2) Update documentation examples to show how to provide the phobos
> default RNG. State that this is not cryptographically secure.
> 3) Optionally: Implement a Secure, System based RNG.
> 
> I'll open a pull request for steps 1-2 today, so that the immediate
> problem is solved. I'll also have a look how difficult it is to do 3).


PR for 1), 2) is here: https://github.com/dlang/phobos/pull/7618
Testing is mostly ok, the only problem is that the deprecation triggers
on import std.uuid : randomUUID even if the 0-parameter overload is not 
used. The dscanner test however complains in one of the unittests when
using a local, non-selective import.

Initial PR for 3) is at https://github.com/dlang/phobos/pull/7619 but 
faces some more serious complications:
* how to handle static initialization of __gshared variables
* how to do file IO. std.stdio.File is not @nogc, reinventing the wheel 
and using low-level posix/C APIs as in vibe.d or MIR is usually also not 
welcome in phobos.
* (how to detect kernel / glibc version. So we want to do syscalls 
manually, like vibe.d, ignoring the glibc version? Then we still have to 
check if the kernel supports the syscall. Sounds annoying, so I used the
/dev/urandom implementation for linux for now).

I unfortunately don't have much time to work on 3), so if anyone wants to 
chime in there, feel free to enhance that code in the PR ;-)


-- 
Johannes
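An added example (not from either PR and not Phobos code) contrasting the two paths discussed above: `randomUUID` fed the Phobos default generator explicitly, which is fine for tests but must not be used for secrets, next to a UUID built from 16 bytes read from `/dev/urandom` via `std.stdio.File`, the same Linux approach the 3) PR currently takes. The helper names `systemRandomBytes` and `secureRandomUUID` are this example's own; it assumes a POSIX system with `/dev/urandom` and uses only `std.uuid`, `std.random` and `std.stdio` as they exist today.

```d
// Added example, not part of the Phobos PRs: UUIDs from the default
// (non-cryptographic) generator vs. from the system entropy source.
import std.stdio : File, writeln;
import std.uuid : UUID, randomUUID;
import std.random : Mt19937, unpredictableSeed;

/// Read 16 bytes from /dev/urandom (assumption: POSIX system).
/// Throws on a short read instead of silently returning zero-padded data.
ubyte[16] systemRandomBytes()
{
    ubyte[16] buf;
    auto f = File("/dev/urandom", "rb");
    auto got = f.rawRead(buf[]);
    if (got.length != buf.length)
        throw new Exception("short read from /dev/urandom");
    return buf;
}

/// Version-4 UUID whose 122 random bits come from the kernel's CSPRNG.
/// Only the version and variant bits are fixed, as RFC 4122 requires.
UUID secureRandomUUID()
{
    ubyte[16] data = systemRandomBytes();
    data[6] = (data[6] & 0x0F) | 0x40; // version 4 (random)
    data[8] = (data[8] & 0x3F) | 0x80; // RFC 4122 variant
    return UUID(data);
}

void main()
{
    // Phobos default generator, passed explicitly so the dependency is
    // visible in the call site. Mersenne Twister output is predictable
    // from a few observed values: usable for fixtures, not for tokens.
    auto gen = Mt19937(unpredictableSeed);
    writeln("Mt19937-based (not a secret): ", randomUUID(gen));

    auto secure = secureRandomUUID();
    assert(secure.uuidVersion == UUID.Version.randomNumberBased);
    writeln("/dev/urandom-based:            ", secure);
}
```

The check on `uuidVersion` confirms the bit fiddling matches what `std.uuid` itself reports for random UUIDs; everything else about the value is opaque to the caller, which is the point of taking it from the kernel rather than from a seedable generator.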

