-
-
Notifications
You must be signed in to change notification settings - Fork 902
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insecure random values should be opt-in #173
Comments
While I understand your point, I think the current behavior is more developer friendly and since this module isn't even aiming for strong crypto I feel less strongly that this is a real problem. |
I actually feel like this is a pretty legitimate request. Most devs aren't aware of the security issues of less-than-crypto-quality PRNGs. Requiring them to opt-into the existing possibly-insecure behavior is probably a good thing. ... in the next major version, though. Reopen? |
Sure, if you want to reopen go for it. My thinking was that even tho it isn't crypto quality, this lib isn't that hurt by not being crypto quality as fallback since it isn't a crypto library itself. But if you have a good idea for the API change we can do another major bump. |
Hi @joepie91 You might have a look at my implementation that doesn't fallback to Math.random: https://github.com/pgaubatz/node-uuid Cheers, |
For the record, crypto.getRandomValues is broadly supported these days. |
I think this a serious issue. We have had issues with UUID collisions, specifically in test suites. The whole point of a UUID is to be universally unique... |
@willsr, can you elaborate? UUID collisions are always a concern. Specifically, what platform are you running on? What code are you running to generate UUIDs? How often are you seeing collisions? etc... [Edit: Also, given that |
For the record, the CVE for this issue: http://www-01.ibm.com/support/docview.wss?uid=swg21982849 |
If you look at this article, you'll notice that it is a very severe problem as some browsers (most notably the google webcrawlers) fall back to a very weak implementation in Math.Random which guarantees collisions after just a few thousand invocations. This causes some severe problems in some applications and as such needs to be fixed. Snowplow has big problems because of this. |
How about using Mersenne Twister pseudorandom number generator when the Cryptograpgy API is not available? |
A simple solution would be to use |
The issue here is that insecure random values - ie. any random values that do not originate from a CSPRNG - should be opt-in, rather than an automatic fallback. The addition of a Mersenne Twister implementation, while a possible improvement over plain Math.random in some environments, does not solve this issue; MT is still not a CSPRNG, and should still not be an automatic fallback. |
I don’t believe embedding a PRNG like mersenne (or other algo) is the right solution. Instead, this module should throw an Error in environments where no crypto-PRNG is available, and provide an API for devs to inject an PRNG of their choosing. (And provide a a doc example showing how to do that using Mersenne?) That way we avoid adding a dependency that most folks won’t need, and allow devs to provide whatever algo best suits their needs. |
BTW, the reason I haven't acted on this (aside from just generally being busy with other stuff), is that the PRNG feature-detection is done at module load-time currently. So there's a race condition of sorts around how a dev would inject a custom RNG function before Resolving this probably isn't a big deal, but it's enough of a change that I haven't had the time to sit down and sort through it. If someone wants to suggest an approach/put up a PR, that would be welcome. |
@broofa You can do something like this:
uuid/lib/rng.js var implementation = function (){
throw new Error("Random number generator is not set.");
};
var abstractRNG = function (){
return implementation();
};
abstractRNG.use = function (rng){
implementation = rng;
};
module.exports = abstractRNG; uuid/v1.js const uuidv1 = require('./lib/v1');
const rng = require('./lib/rng');
const defaultRngAlgorithm = require('./lib/default-rng-algorithm');
rng.use(defaultRngAlgorithm);
module.exports = uuidv1; I think this is the best solution if you want to keep the current procedural approach and you want to stay backward compatible. You can decide whether you want to keep the current - crypto.getRandomValues with Math.random fallback - implementation as default or change to crypto.getRandomValues only and increase the major version number. If they want them to use their own implementation, then you should publish the |
- New option for v1 and v4: allowInsecureRng - Require to be `true` if `rng.insecure == true` Closes uuidjs#173
Suggestion @broofa #337 (comment)
|
@broofa I'm not 100% sure about the idea of forward-compatibility with Putting I would prefer to offer a more explicit way of providing a custom rng. Other concern: At this point in time I also tend to drop |
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
BREAKING CHANGE: Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function. Fixes #173.
Fixed in #354. |
We have just released |
@ctavan updating [email protected], it breaks for me in AWS Lambda, node 12.x:
Locally it works, but I cannot understand what would be the difference in AWS. |
@neg3ntropy please check #378 (comment). The issue should be fixed with |
Right now, this module will automatically fall back to
Math.random()
in browser environments that don't support CSPRNG use, essentially failing open.To operate securely, it should instead fail hard with an error, and only allow falling back to an insecure random source if the developer explicitly indicates that this is acceptable.
The text was updated successfully, but these errors were encountered: