Phobos randomUUID is not suitable to generate secrets

Steven Schveighoffer schveiguy at gmail.com
Mon Aug 31 16:10:33 UTC 2020


On 8/31/20 9:17 AM, WebFreak001 wrote:
> On Monday, 31 August 2020 at 07:49:24 UTC, Cym13 wrote:
>> Hi there,
>>
>> As always when I make an appearance it's that something has gone 
>> wrong. Either in a popular library or D itself... This time it's a 
>> little bit of both.
>>
>> [...]
> 
> Thanks for the post! Read the crypto review before and surely enough 
> this time again it was really fun to read through the whole post. I also 
> love the random pictures in your posts :p

I share this sentiment, great article!

> 
> I'm not too sure if I ever use randomUUID now, but if it was used in 
> vibe.d applications by default that's terrifying to me.

I had to look it up to make sure. The session id producer uses what is 
recommended in the article:

https://github.com/vibe-d/vibe.d/blob/master/crypto/vibe/crypto/cryptorand.d#L125

whew!

-Steve


More information about the Digitalmars-d mailing list