uuid icon indicating copy to clipboard operation
uuid copied to clipboard

Published 20 hours ago verified publisher icon haskell-hvr

Remove Random instance for UUID, or mark it as deprecated

Open bitonic opened this issue 8 years ago • 8 comments

See https://github.com/aslatter/uuid/issues/15#issuecomment-224248306 for motivations, and entire ticket for context.

bitonic avatar Jun 08 '16 13:06 bitonic

Are you worried because someone might try to use the instance with StdGen? Maybe anyone that actually cares about randomness won't even bother with the System.Random class, but I'm not sure what harm comes from letting someone try.

aslatter avatar Jun 09 '16 01:06 aslatter

I'm worried about this kind of usage: https://github.com/silkapp/rest/commit/e4ef6a6585282f507854843e7978801faf14caa0 . If you do this, you're going to get 64-bit UUIDs and you don't realize it.

bitonic avatar Jun 09 '16 08:06 bitonic

Note that my comment above is based on https://github.com/aslatter/uuid/issues/15#issue-118194473 .

I think if the Random instance is properly implemented then it is "dangerous" only in the sense that it's not really suitable to generate UUIDs that are hard to predict. Or as you said,

Maybe anyone that actually cares about randomness won't even bother with the System.Random class, but I'm not sure what harm comes from letting someone try.

I still think this difference in behavior warrants at the very least some documentation/warning, considering that UUIDs are very often used to implement things like user sessions tokens that rely on the UUIDs to be hard to predict.

bitonic avatar Jun 09 '16 10:06 bitonic

I ran into this, couldn't figure out how to use the Random a class with something other than System.Random and a figured nextRandom was just a wrapper around randomIO because there wasn't anything saying otherwise.

I think it would be helpful to say that one should use nextRandom for secure purposes and randomIO for general purposes.

prikhi avatar Jun 20 '17 20:06 prikhi

@prikhi would you be interested in providing a PR enhancing the Haddock documentation to that effect?

hvr avatar Jun 20 '17 22:06 hvr

@hvr Created in #31

prikhi avatar Jun 20 '17 23:06 prikhi

I think we're running into this in production, we're getting a lot of collisions of UUIDs generated from a bunch of Lambdas, so we're now looking at generating UUID using something like cryptonite instead.

Edit: Looks like we're probably using the wrong way to generate UUIDs, and V4.nextRandom should be what we use.

axman6 avatar May 08 '20 01:05 axman6

Random instance is really little use for AWS Lambda. There the if you generate just a few UUIDs (or even many) they depend heavily on an initial random seed.

https://hackage.haskell.org/package/uuid-1.3.13/docs/Data-UUID-V4.html uses entropy which is a lot better idea in that environment.

I'm tempted to remove Random instance in the next major version of uuid-types and uuid, as I honestly don't see a good reason for it. V4 entropy generation should be good enough for "real" UUID generation, and quickcheck-instances has not-real UUID generation for testing purposes (i.e. essentially generating two Word64s).

... but there aren't any reasons to make major release so for now Random instance will stay.

phadej avatar Feb 16 '21 23:02 phadej