| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Support getrandom() for pg_strong_random() source |
| Date: | 2025-10-07 08:25:46 |
| Message-ID: | 4DC65A37-02D8-46B3-8C14-FC705B87E62F@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 6 Oct 2025, at 20:27, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Fri, Oct 3, 2025 at 5:11 AM Joe Conway <mail(at)joeconway(dot)com> wrote:
>> That RFC appears to be specific to UUIDv4, but assuming that advice is generally
>> applicable to UUIDs in general it seems to mean we are off the hook when it
>> comes to FIPS with respect to UUIDs.
>
> The most recent RFC still says that [1]. And it doesn't appear to
> mandate the use of a CSPRNG at all, so it'd be unfortunate if UUIDs
> were bound by FIPS considerations... but my opinion has no effect on
> whether they're bound in practice.
Using a UUID as salt would perhaps be one scenario which would turn the RNG
used for UUIDs into security functionality according to the FIPS definitions?
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2025-10-07 08:40:11 | Re: Support getrandom() for pg_strong_random() source |
| Previous Message | Bertrand Drouvot | 2025-10-07 08:21:16 | Re: Add stats_reset to pg_stat_all_tables|indexes and related views |