Elias Probst on Nostr: #Proxmox just generates a #UUIDv4 like 3b7d2d2c-3732-41db-a678-8bc4aeaf9155 as a ...
#Proxmox just generates a #UUIDv4 like
3b7d2d2c-3732-41db-a678-8bc4aeaf9155 as a secret for auth tokens? 😱
This looks a lot like a bad security practice to me, especially when RFC4122 says:
"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation."
#ITSecurity
3b7d2d2c-3732-41db-a678-8bc4aeaf9155 as a secret for auth tokens? 😱
This looks a lot like a bad security practice to me, especially when RFC4122 says:
"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation."
#ITSecurity