Hacker News new | past | comments | ask | show | jobs | submit login

Wait, is this blog actually about how to introduce a backdoor into your Postgres install by rolling your own very bad rng?



Nah, mhio is saying that the blog post has a typo:

> Postgres 13’s gen_random_uuid() which generates a V6 UUID that’s secure...

gen_random_uuid gives you a version V4 UUID, not a V6 UUID (it's even in the code comments in the snipped included in the blog). I don't believe Postgres even has a function to generate a V6 UUID - which, indeed, would be a bad idea to use as a source of randomness.


No, a v4 uuid comes from a good RNG. The blog post just said v6 by mistake when it meant v4.


V6 is just a v4 rearranged to behave more like v7 for the purposes of b-tree insertion.


I believe V6 is a reordering of V1, not V4. V4 is random aside from the bits specifying version & variant, ~6/7 bits.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: