UUIDs generated by randomUUID() use the random numbers from std.random, granted with an unpredictableSeed, but from a fundamentally insecure and low entropy source.
As per the latest UUID RFC, RFC-8562, Section 8 this should at least have the option of using an actual quality entropy source.
https://www.rfc-editor.org/rfc/rfc9562.html in section 8 says:
"Instead CSPRNG data SHOULD be selected from a source with sufficient entropy to ensure guaranteed uniqueness among UUID generation."
jdougan reported this on 2024-11-25T00:53:20Z
Transferred from https://issues.dlang.org/show_bug.cgi?id=24877
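One way to get what the report asks for with the existing `std.uuid` API, as an added example that is not part of the original report and not Phobos code: read 16 bytes from the operating system's CSPRNG and set the version and variant bits by hand. It assumes a POSIX system exposing `/dev/urandom`; the function names `osRandom16`, `uuid4FromBytes` and `secureRandomUUID` are hypothetical.

```d
import std.stdio : File, writeln;
import std.uuid : UUID;

/// Read 16 bytes from the OS CSPRNG.
/// Assumption: POSIX system with /dev/urandom; fails closed on a short read.
ubyte[16] osRandom16()
{
    ubyte[16] buf;
    auto f = File("/dev/urandom", "rb");
    auto got = f.rawRead(buf[]);
    if (got.length != buf.length)
        throw new Exception("short read from /dev/urandom");
    return buf;
}

/// Turn 16 random bytes into a version 4 UUID (RFC 9562 layout):
/// high nibble of byte 6 = 0100 (version 4), top two bits of byte 8 = 10 (variant).
UUID uuid4FromBytes(ubyte[16] b)
{
    b[6] = cast(ubyte)((b[6] & 0x0F) | 0x40);
    b[8] = cast(ubyte)((b[8] & 0x3F) | 0x80);
    return UUID(b);
}

/// Hypothetical drop-in for randomUUID() that never touches std.random.
UUID secureRandomUUID()
{
    return uuid4FromBytes(osRandom16());
}

unittest
{
    // Constructed input: all bits set, so only the masked bits can change.
    ubyte[16] ones = 0xFF;
    auto u = uuid4FromBytes(ones);
    assert(u.uuidVersion == UUID.Version.randomNumberBased);
    assert(u.variant == UUID.Variant.rfc4122);
    assert(u.data[6] == 0x4F && u.data[8] == 0xBF);
    assert(u.data[0] == 0xFF && u.data[15] == 0xFF);
}

void main()
{
    writeln(secureRandomUUID());
}
```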