Re: Support getrandom() for pg_strong_random() source

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Joe Conway <mail@joeconway.com>
Cc: Daniel Gustafsson <daniel@yesql.se>, Masahiko Sawada <sawada.mshk@gmail.com>, Peter Eisentraut <peter@eisentraut.org>, Michael Paquier <michael@paquier.xyz>, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-10-06T18:27:41Z
Lists: pgsql-hackers
On Fri, Oct 3, 2025 at 5:11 AM Joe Conway <mail@joeconway.com> wrote:
> That RFC appears to be specific to UUIDv4, but assuming that advice is generally
> applicable to UUIDs in general it seems to mean we are off the hook when it
> comes to FIPS with respect to UUIDs.

The most recent RFC still says that [1]. And it doesn't appear to
mandate the use of a CSPRNG at all, so it'd be unfortunate if UUIDs
were bound by FIPS considerations... but my opinion has no effect on
whether they're bound in practice.

--Jacob

[1] https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations