| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | rightfold(at)gmail(dot)com |
| Cc: | pgsql-docs(at)postgresql(dot)org, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Subject: | Re: gen_random_uuid security not explicit in documentation |
| Date: | 2017-01-03 12:47:37 |
| Message-ID: | CAB7nPqQuvGF=fqmSUnDZ6-qmCR_w0GygcaztFfDxVg05wk0k8w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
(Adding Heikki in CC who committed this code)
On Mon, Jan 2, 2017 at 8:20 AM, <rightfold(at)gmail(dot)com> wrote:
> The C source code of gen_random_uuid reads:
>
> /*
> * Generate random bits. pg_backend_random() will do here, we don't
> * promis UUIDs to be cryptographically random, when built with
> * --disable-strong-random.
> */
>
> However, the pgcrypto documentation does not mention
> --disable-strong-random
> at all. I think the documentation should mention under which conditions
> the function returns secure data.
That's actually a good idea. But as it does not only apply to
get_random_uuid(), I would think that a notice at the top of the
pgcrypto documentation would make the most sense. Something like:
"If PostgreSQL is built with --disable-strong-random, the data
generated by the functions is not guaranteed to be cryptographically
random."
> P.S. there is also a typo in the C comment: "promis" should be "promise".
Indeed.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2017-01-04 23:40:28 | Questionable tag usage |
| Previous Message | rightfold | 2017-01-01 23:20:54 | gen_random_uuid security not explicit in documentation |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2017-01-03 12:59:21 | Re: Supporting huge pages on Windows |
| Previous Message | Michael Paquier | 2017-01-03 12:34:18 | Re: Replication/backup defaults |