Phobos randomUUID is not suitable to generate secrets
nospam at example.com
Sun Sep 6 11:13:48 UTC 2020
On Sat, 05 Sep 2020 10:41:34 +0000, Johannes Pfau wrote:
> I propose the following:
> 1) Deprecate the version using the system RNG. Add a hint in the message
> that this function is not cryptographically secure. Add a reference to
> documentation on how to update code.
> 2) Update documentation examples to show how to provide the phobos
> default RNG. State that this is not cryptographically secure.
> 3) Optionally: Implement a secure, system-based RNG.
> I'll open a pull request for steps 1-2 today, so that the immediate
> problem is solved. I'll also have a look how difficult it is to do 3).
PR for 1) and 2) is here: https://github.com/dlang/phobos/pull/7618
Testing is mostly OK; the only problem is that the deprecation triggers
on import std.uuid : randomUUID even if the 0-parameter overload is not
used. The dscanner test, however, complains in one of the unittests when
using a local, non-selective import.
Initial PR for 3) is at https://github.com/dlang/phobos/pull/7619 but
faces some more serious complications:
* how to handle static initialization of __gshared variables
* how to do file I/O. std.stdio.File is not @nogc; reinventing the wheel
and using low-level POSIX/C APIs as in vibe.d or MIR is usually also not
welcome in Phobos.
* (how to detect the kernel / glibc version. So, do we want to do syscalls
manually, like vibe.d, ignoring the glibc version? Then we still have to
check if the kernel supports the syscall. Sounds annoying, so I used the
/dev/urandom implementation for Linux for now.)
I unfortunately don't have much time to work on 3), so if anyone wants to
chime in there, feel free to enhance that code in the PR ;-)
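An added example, not code from the PRs above and not Phobos's own: it shows the shape of step 2, feeding randomUUID from the operating system's random source instead of the default std.random.rndGen. UrandomRNG and secureRandomUUID are names chosen here; the range reads /dev/urandom through std.stdio.File, so it is POSIX-only and, like the post says of File, not @nogc. What randomUUID's overload requires is a uniform RNG in the std.random sense: an input range of unsigned integers carrying the isUniformRandom tag.

```d
// Added example, not Phobos or PR code. POSIX only; uses std.stdio.File,
// so it is not @nogc (the same limitation the post mentions).
import std.random : isUniformRNG;
import std.stdio : File, writeln;
import std.uuid : UUID, randomUUID;

/// Infinite range of 32-bit values read from the kernel's CSPRNG device.
/// The isUniformRandom tag and the uint element type are what
/// std.random.isUniformRNG (and therefore randomUUID's static assert) require.
struct UrandomRNG
{
    enum bool isUniformRandom = true;
    enum bool empty = false;

    private File dev;
    private uint current;

    this(string path)
    {
        dev = File(path, "rb");
        popFront();   // prime `front` with the first value
    }

    @property uint front() const { return current; }

    void popFront()
    {
        uint[1] buf;
        // rawRead returns the slice it actually filled; a short read means
        // the device is unusable and must not be silently ignored.
        if (dev.rawRead(buf[]).length != buf.length)
            throw new Exception("short read from " ~ dev.name);
        current = buf[0];
    }
}

static assert(isUniformRNG!UrandomRNG);

/// Version-4 UUID whose random bits come from /dev/urandom instead of
/// the default, non-cryptographic std.random.rndGen.
UUID secureRandomUUID()
{
    auto rng = UrandomRNG("/dev/urandom");
    return randomUUID(rng);
}

void main()
{
    auto u = secureRandomUUID();
    // randomUUID sets the version and variant bits itself; check them.
    assert(u.uuidVersion == UUID.Version.randomNumberBased);
    assert(u.variant == UUID.Variant.rfc4122);
    writeln(u);   // prints a fresh UUID on every run
}
```

The 0-parameter randomUUID() being deprecated above simply calls randomUUID(rndGen), so any secure source only has to satisfy the same range interface to drop in. Reading the device through a file handle is what the post describes using for Linux in PR 7619 for now; a getrandom-style syscall path would avoid keeping a descriptor open, but carries the kernel/libc version detection problem the post lists.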