Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't use Math.random() to generate UUIDs #6462

Open
luc122c opened this issue Jul 21, 2022 · 2 comments · May be fixed by #8600
Open

Don't use Math.random() to generate UUIDs #6462

luc122c opened this issue Jul 21, 2022 · 2 comments · May be fixed by #8600
Assignees
@dlarocque
Labels
api: core bug v9

Comments

@luc122c
Copy link
Contributor

luc122c commented Jul 21, 2022

[REQUIRED] Describe your environment

  • Operating System version: MacOS 12.4
  • Browser version: Firefox Developer 103.0b9
  • Firebase SDK version: 9.9.0
  • Firebase Product: Util (auth, database, storage, etc)

[REQUIRED] Describe the problem

The UUID function that Firebase uses has been 'borrowed' from Stack Overflow and uses Math.random() to generate random numbers. It's well documented that Math.random() is not a good source of randomness anymore; in fact the answer that is linked to has been updated to use Crypto.getRandomValues() instead.

Perhaps this function could be updated/replace to use a more up to date method of calculating UUIDs.

Relevant Code:

Source Code

Further information:
@google-oss-bot
Copy link
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@hsubox76
Copy link
Contributor

Thanks. It looks like Node support for Crypto.getRandomValues() is fairly recent (Node 15) so if we update to it, we'll probably want to make sure we wrap it in a try/catch and fall back to Math.random() as needed.

@dlarocque dlarocque self-assigned this Oct 25, 2024
@dlarocque dlarocque linked a pull request Oct 25, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dlarocque dlarocque

Labels
api: core bug v9
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace uuidv4 generator with crypto.randomUUID() firebase/firebase-js-sdk
6 participants
@luc122c @DellaBitta @hsubox76 @google-oss-bot @dlarocque @jbalidiong