From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Support getrandom() for pg_strong_random() source |
Date: | 2025-10-03 12:11:10 |
Message-ID: | 370be9e2-fb8f-47cf-9f56-73fc7461566c@joeconway.com |
Lists: | pgsql-hackers |

On 10/3/25 04:04, Daniel Gustafsson wrote:
>> On 3 Oct 2025, at 01:16, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
>
> Adding Joe to the thread since he usually has insights into all things FIPS.
Thanks, I do have opinions at least ;-)
>> ..in systems that must be FIPS compliant, is it okay to generate UUIDs
>> using random numbers from non-FIPS compliant sources? If yes, we can use
>> pg_random/pg_fast_random() for UUID generation in all cases.
> If UUID generation can be considered to not provide any security
> functionality then a non-FIPS validated RNG (FIPS 140-2 Annex C [2] talks
> more about RNGs) can likely be used. Any app which uses a UUID in any way
> which can be considered a security functionality would however not be able
> to do that. If anyone is able to find official NIST documentation which can
> shed more light on this then that would be great.
The first hit for UUID RFC[1] that I found said this:
8<------------------
6. Security Considerations
Do not assume that UUIDs are hard to guess; they should not be used
as security capabilities (identifiers whose mere possession grants
access), for example. A predictable random number source will
exacerbate the situation.
8<------------------
That RFC appears to be specific to UUIDv4, but assuming that advice is generally
applicable to UUIDs in general it seems to mean we are off the hook when it
comes to FIPS with respect to UUIDs. Perhaps we should document that though
(assuming we have not already).
> This would need to be properly documented of course. Maybe we should even
> start a dedicated subsection on FIPS in the manual to collect information for
> anyone wanting to use PostgreSQL in a FIPS compliant environment? (That would
> be for another thread though, to keep the goalposts in sight here.)
Yeah, or maybe a source code README, or maybe both. Agreed -- another thread for
another day.
[1] https://datatracker.ietf.org/doc/html/rfc4122#section-6
--
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com