Phobos randomUUID is not suitable to generate secrets
Steven Schveighoffer
schveiguy at gmail.com
Mon Aug 31 16:10:33 UTC 2020
On 8/31/20 9:17 AM, WebFreak001 wrote:
> On Monday, 31 August 2020 at 07:49:24 UTC, Cym13 wrote:
>> Hi there,
>>
>> As always when I make an appearance it's that something has gone
>> wrong. Either in a popular library or D itself... This time it's a
>> little bit of both.
>>
>> [...]
>
> Thanks for the post! Read the crypto review before and surely enough
> this time again it was really fun to read through the whole post. I also
> love the random pictures in your posts :p
I share this sentiment, great article!
>
> I'm not too sure if I ever use randomUUID now, but if it was used in
> vibe.d applications by default that's terrifying to me.
I had to look it up to make sure. The session id producer uses what is
recommended in the article:
https://github.com/vibe-d/vibe.d/blob/master/crypto/vibe/crypto/cryptorand.d#L125
whew!
-Steve
More information about the Digitalmars-d
mailing list