(Adding Heikki in CC who committed this code)
On Mon, Jan 2, 2017 at 8:20 AM, <rightfold@gmail.com> wrote:
> The C source code of gen_random_uuid reads:
>
> /*
> * Generate random bits. pg_backend_random() will do here, we don't
> * promis UUIDs to be cryptographically random, when built with
> * --disable-strong-random.
> */
>
> However, the pgcrypto documentation does not mention
> --disable-strong-random
> at all. I think the documentation should mention under which conditions
> the function returns secure data.
That's actually a good idea. But as it does not only apply to
get_random_uuid(), I would think that a notice at the top of the
pgcrypto documentation would make the most sense. Something like:
"If PostgreSQL is built with --disable-strong-random, the data
generated by the functions is not guaranteed to be cryptographically
random."
> P.S. there is also a typo in the C comment: "promis" should be "promise".
Indeed.
--
Michael