- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 33.2k
gh-135244: use CSPRNG for random UUID node ID #135226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the  | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uuid1() already has security warnings, and the rest that were changed here are documented as pseudo-random. I don't think we need to change anything here, apart from maybe adding some extra documentation notes.
| You're right. But I think changing them to a more secure way has no disadvantage. Why not make it more unpredictable with no side effects? | 
| Well, there are clearly side-effects. The UUID tests are totally broken by this change. | 
| Well it seems like its broken because the test script uses  for example: this will triger a assertion error because  I'll take a closer look soon | 
| 
 | 
| Maybe I could add a parameter to uuid1() and uuid6() which is False by default, and if its true, using secret.randbits() instead of random.getrandbits() ? | 
| First of all, please open an issue. This needs a wider discussion. I'll still post here. I explicitly avoided using a CSPRNG for UUIDv8 because the RFC states that: 
 And at the same time it states: 
 Now, it's possible to predict the next UUIDv8 if we have enough UUIDv8s values (we can rewind MT-19937 on which  Now, since UUIDv8 is highly customizable, if someone wants to use a CSPRNG for the blocks, they should simply supply it outside the call. The wrapper is simple enough to write. In addition, if someone is worried about using a true random UUIDv8, they should use UUIDv4 instead. UUIDv8's purpose is not be secure or unguessable, that's the purpose of UUIDv4. Therefore, I don't want to change UUIDv8 (otherwise, the default output would behave as for UUIDv4 which is not interesting). For the Node ID, it's something I overlooked and forgot. RFC 4122 actually didn't talk about CSPRNG, but its successor, RFC 9562, does: 
 So for Node ID, I'm willing to switch to a CSPRNG, although we're already dealing with privacy issues due to the MAC address. Note that the random Node ID is only here in case we fail to fetch the MAC address. Finally, for the clock sequence, it appears that other programming languages use a CSPRNG, even though the number of random bits is small (14) and thus, while not predictable with a single shot, it's possible to guess with a probability ~1/16000. To summarize: 
 | 
| issue is at: #135244 | 
| Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the  | 
| Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the  | 
| Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the  | 
| Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool. If this change has little impact on Python users, wait for a maintainer to apply the  | 
Co-authored-by: Bénédikt Tran <[email protected]>
        
          
                Misc/NEWS.d/next/Library/2025-06-08-10-22-22.gh-issue-135244.Y2SOTJ.rst
              
                Outdated
          
            Show resolved
            Hide resolved
        
      | Thanks @LamentXU123 for the PR, and @picnixz for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14. | 
…C 9562, §6.10.3 (pythonGH-135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- (cherry picked from commit 1cb7163) Co-authored-by: LamentXU <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
| Sorry, @LamentXU123 and @picnixz, I could not cleanly backport this to   | 
| GH-135255 is a backport of this pull request to the 3.14 branch. | 
| For 3.13, I'll hold this off until #134704 is done. | 
| Awesome. Thanks for ur work @picnixz 🎉 | 
…FC 9562, §6.10.3 (GH-135226) (#135255) gh-135244: generate UUID random Node ID with a CSPRNG as per RFC 9562, §6.10.3 (GH-135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- (cherry picked from commit 1cb7163) Co-authored-by: LamentXU <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
…C 9562, §6.10.3 (python#135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- Co-authored-by: Bénédikt Tran <[email protected]>
…C 9562, §6.10.3 (python#135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- Co-authored-by: Bénédikt Tran <[email protected]>
…C 9562, §6.10.3 (python#135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- Co-authored-by: Bénédikt Tran <[email protected]>
… per RFC 9562, §6.10.3 (pythonGH-135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- (cherry picked from commit 1cb7163) Co-authored-by: LamentXU <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
| GH-137408 is a backport of this pull request to the 3.13 branch. | 
…FC 9562, §6.10.3 (GH-135226) (#137408) * [3.13] gh-135244: generate UUID random Node ID with a CSPRNG as per RFC 9562, §6.10.3 (GH-135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- (cherry picked from commit 1cb7163) Co-authored-by: LamentXU <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]>
…C 9562, §6.10.3 (python#135226) This aligns with the recommendations of RFC 9562, Section 6.10, paragraph 3 [1]. [1]: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.10-3. --------- Co-authored-by: Bénédikt Tran <[email protected]>
random.getrandbits() is used widely in lib
uuidespectially in generating clock_seqs in UUID v1 and v6if 624*32//14+1 UUIDs are leaked to hackers, they could predict the next UUID generated.
reference: https://github.com/LamentXU123/cve/blob/main/UUID.md
to make it more cryptography secure,
secrets.randbits()should be used instead ofrandom.getrandbits()