https://issues.dlang.org/show_bug.cgi?id=24877
Issue ID: 24877
Summary: Randomness in UUID generation is insufficient.
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P1
Component: phobos
Assignee: [email protected]
Reporter: [email protected]
UUIDs generated by randomUUID() use the random numbers from std.random, granted
with an unpredictableSeed, but from a fundamentally insecure and low-entropy
source.
As per the latest UUID RFC, RFC-8562, Section 8, this should at least have the
option of using an actual quality entropy source.
https://www.rfc-editor.org/rfc/rfc9562.html in section 8 says:
"Instead CSPRNG data SHOULD be selected from a source with sufficient entropy
to ensure guaranteed uniqueness among UUID generation."
--
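An added sketch of the option the report asks for, not code from the report or from Phobos: a version 4 UUID whose random bits come from the operating system's CSPRNG instead of std.random. The helper names (`osRandomBytes`, `uuidV4FromBytes`, `secureRandomUUID`) are hypothetical, and reading `/dev/urandom` assumes a POSIX system.

```d
import std.exception : enforce;
import std.stdio : File, writeln;
import std.uuid : UUID;

/// Read 16 bytes from the kernel CSPRNG (assumption: POSIX, /dev/urandom).
ubyte[16] osRandomBytes()
{
    ubyte[16] buf;
    auto f = File("/dev/urandom", "rb");
    auto got = f.rawRead(buf[]);
    // A short read would leave zero bytes in the UUID, so fail instead.
    enforce(got.length == buf.length, "short read from /dev/urandom");
    return buf;
}

/// Hypothetical helper: stamp the version and variant fields onto
/// 16 caller-supplied random bytes, leaving 122 random bits.
UUID uuidV4FromBytes(ubyte[16] bytes)
{
    bytes[6] &= 0x0F; // clear the 4 version bits
    bytes[6] |= 0x40; // version 4 (random)
    bytes[8] &= 0x3F; // clear the 2 variant bits
    bytes[8] |= 0x80; // variant 0b10
    return UUID(bytes);
}

/// Hypothetical CSPRNG-backed counterpart to randomUUID().
UUID secureRandomUUID()
{
    return uuidV4FromBytes(osRandomBytes());
}

void main()
{
    // Constructed input: all-ones bytes make the fixed fields visible.
    ubyte[16] ones = 0xFF;
    assert(uuidV4FromBytes(ones).toString()
        == "ffffffff-ffff-4fff-bfff-ffffffffffff");

    auto id = secureRandomUUID();
    assert(id.uuidVersion == UUID.Version.randomNumberBased);
    assert(id.variant == UUID.Variant.rfc4122);
    writeln(id);
}
```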