by cobbal 337 days ago
UUIDv4 may or may not use a cryptographically secure random number generator. Python's UUID library, for example, falls back to the insecure 'random' module. Given a handful of outputs, it's possible to predict future ones.
3 comments

For Python specifically, the uuid4 function does use the randomness from os.urandom, which is supposed to be cryptographically random on most platforms.
Uh... Come again?

    def uuid4():
        """Generate a random UUID."""
        return UUID(bytes=os.urandom(16), version=4)
https://github.com/python/cpython/blob/3.13/Lib/uuid.py
Nice. Looks like I was looking at an old version of the file. https://github.com/python/cpython/commit/09ba98436444d2a4e11...
Yeah, Python went through a big shakeup around secure randomness when they put together the "secrets" library, around a decade ago. A lot of that also got backported on most OSs.

So there really shouldn't be anyone using that today, thankfully.

Gasp! I had no idea about the Python implementation. Not that I do anything where it would matter (just need a random id), but for an already slow language, I would prefer the safer default.
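Added example, not part of the thread and not CPython's code: it contrasts a version-4 UUID built from the `random` module (Mersenne Twister) with the `os.urandom` construction quoted above, and checks at runtime that the installed `uuid.uuid4()` does not follow the `random` seed. The function names and the seed values are assumptions made for this illustration.

```python
import os
import random
import uuid


def uuid4_from_prng(rng: random.Random) -> uuid.UUID:
    """Insecure pattern: a version-4 UUID drawn from the Mersenne Twister."""
    return uuid.UUID(int=rng.getrandbits(128), version=4)


def uuid4_from_os() -> uuid.UUID:
    """Same construction as the uuid4() quoted in the thread (kernel CSPRNG)."""
    return uuid.UUID(bytes=os.urandom(16), version=4)


def prng_uuid_is_reproducible(seed: int) -> bool:
    """Two generators with the same state emit the same 'random' UUID,
    so anyone who learns the state knows every later identifier."""
    return uuid4_from_prng(random.Random(seed)) == uuid4_from_prng(random.Random(seed))


def stdlib_uuid4_ignores_random_seed(seed: int = 1234) -> bool:
    """Reseed the global 'random' module before each of two uuid4() calls.
    If uuid4() drew from 'random', both calls would return the same value."""
    saved = random.getstate()          # do not disturb the caller's PRNG state
    try:
        random.seed(seed)
        first = uuid.uuid4()
        random.seed(seed)
        second = uuid.uuid4()
    finally:
        random.setstate(saved)
    return first != second


if __name__ == "__main__":
    print("PRNG-backed UUID reproducible from seed:", prng_uuid_is_reproducible(42))
    print("uuid.uuid4() independent of random.seed():", stdlib_uuid4_ignores_random_seed())
    print("os.urandom-backed sample:", uuid4_from_os())
```

The second check is useful in a test suite for code that relies on UUIDs being unguessable, since it fails if the interpreter in use derives `uuid4()` from the seedable generator.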