(Adding Heikki in CC who committed this code) On Mon, Jan 2, 2017 at 8:20 AM, <rightf...@gmail.com> wrote: > The C source code of gen_random_uuid reads: > > /* > * Generate random bits. pg_backend_random() will do here, we don't > * promis UUIDs to be cryptographically random, when built with > * --disable-strong-random. > */ > > However, the pgcrypto documentation does not mention > --disable-strong-random > at all. I think the documentation should mention under which conditions > the function returns secure data.
That's actually a good idea. But as it does not only apply to get_random_uuid(), I would think that a notice at the top of the pgcrypto documentation would make the most sense. Something like: "If PostgreSQL is built with --disable-strong-random, the data generated by the functions is not guaranteed to be cryptographically random." > P.S. there is also a typo in the C comment: "promis" should be > "promise". Indeed. -- Michael -- Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
