Phobos randomUUID is not suitable to generate secrets
Paul Backus
snarwin at gmail.com
Sat Sep 5 13:06:14 UTC 2020
On Saturday, 5 September 2020 at 10:41:34 UTC, Johannes Pfau
wrote:
> Unfortunately, we can not silently replace this overload to use
> a secure RNG: On linux, would we use random or urandom? And the
> system rng can block on low entropy, which could cause
> regressions in some applications. Also some applications (like
> vibe.d) would probably rather block a fiber than a thread,
> which complicates things more.
On linux, you would use /dev/urandom (or getrandom(2) if you
don't need to support old kernel versions), since it is just as
secure as /dev/random and does not block. [1]
[1] https://www.2uo.de/myths-about-urandom/
More information about the Digitalmars-d
mailing list