On Tue, Oct 7, 2025 at 2:48 AM Dagfinn Ilmari Mannsåker <[email protected]> wrote:
> It doesn't mandate (MUST) a CSPRNG, but it strongly recommends (SHOULD)
> it (unless unavailable) in the best practices section
> (https://www.rfc-editor.org/rfc/rfc9562.html#name-unguessability):

Right -- and we absolutely should do that. But this is in the context of FIPS compliance. If you haven't compiled with SSL, uuidv7() is going to fall back to /dev/urandom anyway, which IIUC is not going to be FIPS-compliant anyway for most people. So it's not really clear to me that we should be worrying about FIPS for UUIDs.

The only thing that gives me pause is the fact that libpq-without-OpenSSL is probably a vanishingly small proportion of builds, so maybe there could be people treating our use of a CSPRNG as a de facto guarantee.

--Jacob
