Eliminate Math.random from UUID PRNG value generation
What does this MR do and why?
For #360730 (closed)
Why
Please see the linked issue for a deeper discussion of "Why".
In short: Math.random is unsuitable for true randomness, and while there are currently no security implications, we should avoid it.
What
- Splits fully random UUIDs and seeded UUIDs into separate exports
- Avoids the trip through the PRNG with no seed values (which defaulted to Math.random) for fully random UUIDs
  - The correct way to do this in browser is crypto.randomUUID, but the browsers we target don't support this.
  - The next best way is to use crypto.getRandomValues, and then feed those directly into the generator
    - This is exactly what uuid/v4 does under the hood if you don't provide it random values, so we just skip the PRNG entirely and let uuid/v4 handle it.
Screenshots or screen recordings
N/A, all of this code is backstage.
How to set up and validate locally
- Probably just run the tests.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Thomas Randolph
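The split described under "What", sketched as an added example that is not code from this MR or from the uuid package: the fully random path takes its 16 bytes straight from crypto.getRandomValues, while the seeded path requires a seed and never falls back to Math.random. The names formatV4, randomUuid and seededUuids are hypothetical, and the seeded generator is a mulberry32-style stand-in because the MR's own PRNG is not shown on the page.

```javascript
// Added example: names below are hypothetical, not GitLab's exports.
// Node fallback for runtimes without a global Web Crypto object.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const V4_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

// Format 16 bytes as an RFC 4122 version 4 UUID: force the version nibble
// to 4 and the variant bits to 10, leaving 122 bits from the caller.
function formatV4(bytes) {
  if (bytes.length !== 16) throw new RangeError('expected exactly 16 bytes');
  const b = Uint8Array.from(bytes);
  b[6] = (b[6] & 0x0f) | 0x40;
  b[8] = (b[8] & 0x3f) | 0x80;
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
    hex.slice(16, 20), hex.slice(20)].join('-');
}

// Fully random export: bytes come straight from the CSPRNG, with no
// seedable PRNG in between.
function randomUuid() {
  return formatV4(webCrypto.getRandomValues(new Uint8Array(16)));
}

// Seeded export: reproducible by design, so the seed is mandatory and there
// is no silent fallback to Math.random. Stand-in PRNG (mulberry32-style);
// the PRNG used by the MR is not shown on the page.
function seededUuids(seed, count = 1) {
  if (!Number.isInteger(seed)) throw new TypeError('an integer seed is required');
  let state = seed >>> 0;
  const nextByte = () => {
    state = (state + 0x6d2b79f5) >>> 0;
    let t = Math.imul(state ^ (state >>> 15), state | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) & 0xff;
  };
  return Array.from({ length: count }, () =>
    formatV4(Array.from({ length: 16 }, nextByte)));
}
```

Seeded output is predictable to anyone who knows the seed, so it suits reproducible fixtures and not identifiers that must be unguessable.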