Open randomstuff opened 2 days ago
elarlang
commented
1 day ago Based on UUIDs own "RFC 9562 Universally Unique IDentifiers (UUIDs)", those MUST NOT be used for that
Implementations SHOULD NOT assume that UUIDs are hard to guess. For example, they MUST NOT be used as security capabilities (identifiers whose mere possession grants access). Discovery of predictability in a random number source will result in a vulnerability.
randomstuff
commented
1 day ago Implementations SHOULD NOT assume that UUIDs are hard to guess.
@elarlang, Oh, yes I forgot to mention that :)
But in practice, UUIDs are often used like this (as session identifiers, password reset tokens, etc.
Anyway, this requirement should probably be removed and might be replaces into requirements for generating unique random values for security:
Verify that when generating random values [TODO, for security], the application use a cryptographically-secure pseudo-random number generator and at least XX bits of entropy. UUIDs must not be used for this purpose.
danielcuthbert
commented
1 day ago Yes, the argument is valid. The requirement, as currently worded, could be interpreted to forbid legitimate uses of other UUID versions (such as v1, v3, or v5) that are appropriate in certain contexts outside of cryptographic needs. By specifying that only UUID v4 or v7 with a CSPRNG should be used, the requirement inadvertently disallows the use of other UUID versions even when they are suitable and safe for the intended purpose. This could lead to unnecessary constraints on developers and might force them to use less optimal solutions for their specific use cases
however, in the context of this requirement, it is in the cryptographic section and as such, would that mean it's less likely to confuse the other uses with those needing strong cryptographic foundations?
If that isn't the case, we could look at someting like this:
Verify that when UUIDs are used in security-sensitive contexts where unpredictability is important (such as session identifiers, tokens, or in URLs), they are generated using a cryptographically secure pseudo-random number generator (CSPRNG), utilizing UUID v4 or v7 algorithms. For non-security contexts where determinism or ordering is required, other UUID versions may be used appropriately.
I guess there does exist a need for contexts here but i'm also aware that this is about cryptography and not other uses
elarlang
commented
1 day ago I think we can just remove the requirement 6.3.2 and we don't miss anything. UUID own spec says how to (not) use it. We can add a "note" to 6.3.1 if it is really necessary that "do not use UUID for that", but I prefer to not do it.
UUID just does not match to requirement 6.3.1 and it is covered by that.
danielcuthbert
commented
1 day ago I'm good with that too ;). ill do a PR
elarlang
commented
1 day ago [DELETED, DUPLICATE OF 6.3.1]
randomstuff
commented
1 day ago UUID just does not match to requirement 6.3.1 and it is covered by that.
UUIDs might match the current requirements in 6.3.1 if generated using CSPRNG.
What we miss (in 6.3.1 or as a separate) requirement in to say that:
Verify that all random numbers and strings which are intended to be non-guessable must have at least XXX bits of entropy. Note that UUIDs do not respect this condition.
The usage of UUIDs for this kind of usage is prevalent, so I think it would make sense to explicitly talk about this.
danielcuthbert
commented
1 day ago So we deleting or amending?
elarlang
commented
1 day ago So we deleting or amending?
I think it is "deleting" (6.3.2) and amending (6.3.1)
tghosth
commented
13 hours ago @danielcuthbert you are doing the PR?
We have this requirement about UUID in "Random Value"
There are legitimate uses of other UUID versions (outside of cryptography) and this requirement currently forbid them if interpreted literally.
I think what we really intend to say here is:
This makes sure that if any of these UUID v4 or v7 are used as secrets, this is not a great deal.
However, this quite feels weird in this section (?).