From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
---|---|
To: | Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org> |
Cc: | Joe Conway <mail(at)joeconway(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Support getrandom() for pg_strong_random() source |
Date: | 2025-10-09 15:32:10 |
Message-ID: | CAOYmi+=GwuWDcsmvYF68zV=32SmyqFnnqRgyOhLZhDwM=1P_pg@mail.gmail.com |
Lists: | pgsql-hackers |
On Tue, Oct 7, 2025 at 2:48 AM Dagfinn Ilmari Mannsåker
<ilmari(at)ilmari(dot)org> wrote:
> It doesn't mandate (MUST) a CSPRNG, but it strongly recommends (SHOULD)
> it (unless unavailable) in the best practices section
> (https://www.rfc-editor.org/rfc/rfc9562.html#name-unguessability)

Right -- and we absolutely should do that. But this is in the context
of FIPS compliance. If you haven't compiled with SSL, uuidv7() is
going to fall back to /dev/urandom anyway, which IIUC is not going to
be FIPS-compliant anyway for most people.

So it's not really clear to me that we should be worrying about FIPS
for UUIDs. The only thing that gives me pause is the fact that
libpq-without-OpenSSL is probably a vanishingly small proportion of
builds, so maybe there could be people treating our use of a CSPRNG as
a de facto guarantee.

--Jacob