Re: gen_random_uuid security not explicit in documentation
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: rightfold@gmail.com
Cc: pgsql-docs@postgresql.org, Heikki Linnakangas <hlinnaka@iki.fi>
Date: 2017-01-03T12:47:37Z
Lists: pgsql-hackers, pgsql-docs
(Adding Heikki in CC who committed this code) On Mon, Jan 2, 2017 at 8:20 AM, <rightfold@gmail.com> wrote: > The C source code of gen_random_uuid reads: > > /* > * Generate random bits. pg_backend_random() will do here, we don't > * promis UUIDs to be cryptographically random, when built with > * --disable-strong-random. > */ > > However, the pgcrypto documentation does not mention > --disable-strong-random > at all. I think the documentation should mention under which conditions > the function returns secure data. That's actually a good idea. But as it does not only apply to get_random_uuid(), I would think that a notice at the top of the pgcrypto documentation would make the most sense. Something like: "If PostgreSQL is built with --disable-strong-random, the data generated by the functions is not guaranteed to be cryptographically random." > P.S. there is also a typo in the C comment: "promis" should be "promise". Indeed. -- Michael
Commits
-
Forbid gen_random_uuid() with --disable-strong-random
- bf723a274cbb 10.0 landed