Skip to content

Eliminate Math.random from UUID PRNG value generation

Thomas Randolph requested to merge tor/maintenance/uuid-better-random into master

What does this MR do and why?

For #360730 (closed)

Why

Please see the linked issue for a deeper discussion of "Why".

In short: Math.random is unsuitable for true randomness, and while there are currently no security implications, we should avoid it.

What

  1. Splits fully random UUIDs and seeded UUIDs into separate exports
  2. Avoids the trip through the PRNG with no seed values (which defaulted to Math.random) for fully random UUIDs
    1. The correct way to do this in browser is crypto.randomUUID, but the browsers we target don't support this.
    2. The next best way is to use crypto.getRandomValues, and then feed those directly into the generator
      • This is exactly what uuid/v4 does under the hood if you don't provide it random values, so we just skip the PRNG entirely and let uuid/v4 handle it.

Screenshots or screen recordings

N/A, all of this code is backstage.

How to set up and validate locally

  1. Probably just run the tests.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Thomas Randolph

Merge request reports