Home > mailing lists

Re: Support getrandom() for pg_strong_random() source - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: Support getrandom() for pg_strong_random() source
Date	October 7 11:25:46
Msg-id	4DC65A37-02D8-46B3-8C14-FC705B87E62F@yesql.se Whole thread Raw
In response to	Re: Support getrandom() for pg_strong_random() source (Jacob Champion <jacob.champion@enterprisedb.com>)
List	pgsql-hackers

Tree view

> On 6 Oct 2025, at 20:27, Jacob Champion <jacob.champion@enterprisedb.com> wrote:
>
> On Fri, Oct 3, 2025 at 5:11 AM Joe Conway <mail@joeconway.com> wrote:
>> That RFC appears to be specific to UUIDv4, but assuming that advice is generally
>> applicable to UUIDs in general it seems to mean we are off the hook when it
>> comes to FIPS with respect to UUIDs.
>
> The most recent RFC still says that [1]. And it doesn't appear to
> mandate the use of a CSPRNG at all, so it'd be unfortunate if UUIDs
> were bound by FIPS considerations... but my opinion has no effect on
> whether they're bound in practice.

Using a UUID as salt would perhaps be one scenario which would turn the RNG
used for UUIDs into security functionality according to the FIPS definitions?

--
Daniel Gustafsson

pgsql-hackers by date:

From: Bertrand Drouvot
Date: 07 October, 11:21:16
Subject: Re: Add stats_reset to pg_stat_all_tables|indexes and related views

From: Daniel Gustafsson
Date: 07 October, 11:40:11
Subject: Re: Support getrandom() for pg_strong_random() source

Re: Support getrandom() for pg_strong_random() source - Mailing list pgsql-hackers

Previous

Next