Re: Support getrandom() for pg_strong_random() source
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Joe Conway <mail@joeconway.com>, Masahiko Sawada <sawada.mshk@gmail.com>, Peter Eisentraut <peter@eisentraut.org>, Michael Paquier <michael@paquier.xyz>, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-10-09T15:20:26Z
Lists: pgsql-hackers
On Tue, Oct 7, 2025 at 1:26 AM Daniel Gustafsson <daniel@yesql.se> wrote: > Using a UUID as salt would perhaps be one scenario which would turn the RNG > used for UUIDs into security functionality according to the FIPS definitions? I don't know. One might idly hope that using a UUID for a salt would itself be a FIPS violation :D but it's probably not. I guess there's a bit of a procedural question bundled in with this (that is getting ever further afield of Sawada-san's proposal). If we happen to use a CSPRNG to generate some sort of non-security-related output, and then someone uses that output to seed some crypto, do we consider ourselves on the hook if we change the implementation? The UUID RFCs are pretty clear that you're not supposed to treat them as unguessable even if an ideal implementation is, and I'm starting to agree with Joe that we need to document that ourselves. --Jacob