Techly NewsGet the app

Get the latest tech news

A few secure, random bytes without `pgcrypto`


Avoiding the <code>pgcrypto</code> extension and its OpenSSL dependency by generating cryptographically secure randomness through <code>gen_random_uuid()</code>.

Rather than wasting more time trying to get OpenSSL configured, I did a quick code audit to find out where we were using pgcrypto, and found that we were using it in exactly one place to generate random bytes for use in a ULID: Internally, Postgres has a module called pg_strong_random.c that exports a pg_strong_random() function that will use OpenSSL if available, but can fall back to/dev/urandom in case it’s not, which is perfectly fine for our purposes: pg_strong_random() is called through another function that’s exported to userspace, Postgres 13’s gen_random_uuid() which generates a V6 UUID that’s secure, random data with the exception of six variant/version bits in the middle:

Get the Android app

Or read this on Hacker News

Read more on:

Photo of random bytes

random bytes

« Rotation-Based Compression
Want to Build a Perfect 21st Century Town? Ban Cars »