end_to_end_encryption_rfc icon indicating copy to clipboard operation
end_to_end_encryption_rfc copied to clipboard

Published 20 hours ago • verified publisher icon nextcloud

UUID without slashes?

Open tobiasKaminsky opened this issue 6 years ago • 3 comments
trafficstars

Currently we modify uuid: UUID.randomUUID().toString().replaceAll("-", "");

Why is this needed? To be honest, I do not remember. Is this something because of ios (@marinofaggiana) or desktop (@camilasan @rullzer)

If not, I would like to use regular UUID for v2.

tobiasKaminsky avatar Feb 04 '19 07:02 tobiasKaminsky

It was discussed in #13 and merged in #15. But I could not figure out why exactly the UUID approach was chosen.

UUIDs are not a particular good source of randomness (see RFC4122). Therefore, I suggest we stay with the /^[0-9a-fA-F]{32}$/ format for backwards compatibility, but drop the requirement to generate it from a UUID.

woefe avatar Feb 25 '19 14:02 woefe

At least on android I check if the same id is used in the same metadata file to avoid collisions (although chance is very very very small), so I would be fine with UUID, but of course any other random generator is fine for me (as it is nothing security related)

tobiasKaminsky avatar Feb 25 '19 15:02 tobiasKaminsky

this would bring id generation in line with AES key generation (16 random bytes). Reusing that code would be great, since that should use a good CSPRNG anyways (/dev/urandom and alike).

MaxFichtelmann avatar Feb 25 '19 16:02 MaxFichtelmann