diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48f85df99..a253ba4b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ FEATURES:
 * builder/amazon/ebs: Ability to specify which availability zone to create instance in. [GH-536]
+BUG FIXES:
+
+* common/uuid: Use cryptographically secure PRNG when generating
+ UUIDs. [GH-552]
+
 ## 0.3.10 (October 20, 2013)
 FEATURES:
diff --git a/common/uuid/uuid.go b/common/uuid/uuid.go
index 496a2f6ef..d8b9830be 100644
--- a/common/uuid/uuid.go
+++ b/common/uuid/uuid.go
@@ -1,8 +1,8 @@
 package uuid
 import (
+ "crypto/rand"
 "fmt"
- "math/rand"
 "time"
 )
@@ -10,14 +10,15 @@ import (
 // bottom 96 are random.
 func TimeOrderedUUID() string {
 unix := uint32(time.Now().UTC().Unix())
- rand1 := rand.Uint32()
- rand2 := rand.Uint32()
- rand3 := rand.Uint32()
+
+ b := make([]byte, 12)
+ n, err := rand.Read(b)
+ if n != len(b) {
+ err = fmt.Errorf("Not enough entropy available")
+ }
+ if err != nil {
+ panic(err)
+ }
 return fmt.Sprintf("%08x-%04x-%04x-%04x-%04x%08x",
- unix,
- uint16(rand1>>16),
- uint16(rand1&0xffff),
- uint16(rand2>>16),
- uint16(rand2&0xffff),
- rand3)
+ unix, b[0:2], b[2:4], b[4:6], b[6:8], b[8:])
 }
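Review bot: In TimeOrderedUUID the `n != len(b)` branch overwrites whatever error `rand.Read` returned with the generic "Not enough entropy available", so the real cause of a CSPRNG failure never reaches the panic message. crypto/rand documents that on return `n == len(b)` if and only if `err == nil`, so the length check is redundant and the block can shrink to `if _, err := rand.Read(b); err != nil { panic(err) }`. Panicking instead of falling back to math/rand is the right fail-closed choice, but the doc comment (which starts outside this hunk) should say so, e.g. `// Panics if the system CSPRNG cannot be read.`. That comment could also note that the leading 32 bits are a wall-clock timestamp, so only the trailing 96 bits are unpredictable.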