Use CSPRNG if available.
ericelliott opened this issue · 3 comments
Note: Cuid2 already provides some cryptographically strong guarantees even using Math.random because:
- We don't trust the entropy from Math.random so we don't rely on it for cryptographic security. Instead, we mix it with several other independent sources of entropy. Those sources have been proven for more than a decade in apps with hundreds of millions of users via Cuid V1, and helped inspire UUID v6 - v8.
- We use a security audited implementation of the cryptographically secure SHA-3 to hash all that entropy so the output is opaque.
As far as we're aware, Cuid2 is safe to use now, and certainly safer than most other id options available.
Because we believe in security in layers, it's still a good idea to source our random bits with a CSPRNG. That is the purpose of this issue.
Idea:
Apparently all modern browsers + node support the cryptographically-secure crypto.randomUUID(), which may make a better source of pseudorandom data than Math.random().
Wouldn't Crypto.getRandomValues() or SubtleCrypto.generateKey() be a better option?
No, because they are not universal (available in both browsers and Node), their APIs are more prone to entropy problems and errors, and their outputs need to be wrangled more to coerce them into strings, adding complexity and potential for bugs.
This isn't ready to merge yet:
- Test with React Native
- Make sure we're not using the fixed bits from UUID v4.
- Is there a better solution? e.g. a cross-platform universal solution that is security audited and works like Math.random()?
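Two of the open items above, a crypto.randomUUID() source that degrades gracefully where it is missing and not treating the fixed bits of a UUID v4 as entropy, as an added example. This is not code from the issue or from the cuid2 code base; the names getRandomUUIDSource, uuidV4ToRandomHex and randomHex, and the fallback order, are this example's own assumptions.

```javascript
// Added example, not cuid2's code. Picks a CSPRNG-backed UUID source when one
// exists and strips the fixed bits of a UUID v4 before using it as entropy.
// getRandomUUIDSource, uuidV4ToRandomHex and randomHex are names assumed here.

// UUID v4 layout (RFC 4122), as 32 hex digits read left to right:
//   digit 12 is the fixed version nibble "4"
//   the top two bits of digit 16 are the fixed variant "10" (digit is 8, 9, a or b)
// Only the remaining 122 bits are random; a "128-bit" UUID v4 carries 122 bits.
const UUID_V4_RE =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const UUID_V4_RANDOM_BITS = 122;

// Returns the 122 random bits of a UUID v4 as a 31-digit hex string
// (122 bits = 30.5 hex digits, so the first digit is at most "3").
function uuidV4ToRandomHex(uuid) {
  if (!UUID_V4_RE.test(uuid)) {
    throw new Error('not a UUID v4: ' + uuid);
  }
  const v = BigInt('0x' + uuid.replace(/-/g, ''));
  // Hex digit i (from the left) occupies bits 127-4i .. 124-4i of v.
  const hi48 = v >> 80n;                    // digits 0-11
  const mid12 = (v >> 64n) & 0xfffn;        // digits 13-15 (skips the version nibble)
  const var2 = (v >> 60n) & 0x3n;           // low two bits of digit 16 (drops "10")
  const lo60 = v & ((1n << 60n) - 1n);      // digits 17-31
  const bits = (hi48 << 74n) | (mid12 << 62n) | (var2 << 60n) | lo60;
  return bits.toString(16).padStart(31, '0');
}

// Returns a function producing UUID v4 strings from a CSPRNG, or null if the
// runtime has none. Browsers and recent Node expose WebCrypto on globalThis;
// older Node has randomUUID on the built-in crypto module (since 14.17).
function getRandomUUIDSource() {
  const g = globalThis.crypto;
  if (g && typeof g.randomUUID === 'function') return () => g.randomUUID();
  if (typeof require === 'function') {
    try {
      const nodeCrypto = require('node:crypto');
      if (typeof nodeCrypto.randomUUID === 'function') {
        return () => nodeCrypto.randomUUID();
      }
    } catch (_) {
      // fall through to the Math.random fallback
    }
  }
  return null;
}

// Returns `digits` hex digits of random data plus a label saying which source
// produced them, so a caller (or a test) can see when the weaker path was taken.
function randomHex(digits, uuidSource = getRandomUUIDSource()) {
  let out = '';
  if (uuidSource) {
    while (out.length < digits) out += uuidV4ToRandomHex(uuidSource());
    return { hex: out.slice(0, digits), source: 'csprng' };
  }
  // Fallback: Math.random, the source the issue wants to stop relying on alone.
  while (out.length < digits) {
    out += Math.floor(Math.random() * 16).toString(16);
  }
  return { hex: out.slice(0, digits), source: 'math-random' };
}

console.log(randomHex(64));
```

Feeding the raw UUID string into a hash would not break anything, since the hash output stays opaque, but it would overstate the entropy by six bits per UUID; the 31-digit strings from uuidV4ToRandomHex are what should be counted when deciding how many random bits go into the hash.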