Re: gen_random_uuid security not explicit in documentation

On 01/03/2017 02:47 PM, Michael Paquier wrote:
> (Adding Heikki in CC who committed this code)
>
> On Mon, Jan 2, 2017 at 8:20 AM, <rightfold(at)gmail(dot)com> wrote:
>> The C source code of gen_random_uuid reads:
>>
>> /*
>> * Generate random bits. pg_backend_random() will do here, we don&#39;t
>> * promis UUIDs to be cryptographically random, when built with
>> * --disable-strong-random.
>> */
>>
>> However, the pgcrypto documentation does not mention
>> --disable-strong-random
>> at all. I think the documentation should mention under which conditions
>> the function returns secure data.
>
> That's actually a good idea. But as it does not only apply to
> get_random_uuid(), I would think that a notice at the top of the
> pgcrypto documentation would make the most sense. Something like:
> "If PostgreSQL is built with --disable-strong-random, the data
> generated by the functions is not guaranteed to be cryptographically
> random."

Hmm, not sure what to do here. --disable-strong-random is similar to
e.g. --disable-spinlocks; no reasonable production platform would use
it. So I'm not inclined to sprinkle references to it across the docs, it
seems better to document what it changes, in the description of
--disable-strong-random itself.

To be pedantic, the documentation only claims that gen_random_bytes()
returns cryptographically strong values. For gen_random_uuid(), it just
says that it's "random". But yeah, it's subtle. By the feat of having
them side-by-side, and a similar name, you'd think that they behave the
same. And with --enable-strong-random, they do.

I'm inclined to change gen_random_uuid() to throw an error if the server
is built with --disable-strong-random, like gen_random_bytes() does.
That way, they would behave the same.

Thoughts?

- Heikki