v4 UUIDs are not that random

[xnyhps]

There are 2¹²² possible random (v4) UUIDs. Data.UUID.V4.nextRandom uses randomIO to generate them, which uses StdGen. StdGen has 64 bits of internal state (two Int32s), so there can only be at the most 2⁶⁴ different UUIDs generated by nextRandom, which is a lot less than 2¹²².

Additionally, StdGen is not cryptographically secure: observing one UUID is enough to compute all the next ones. I know they are not required to be (by the RFC), but I can find many examples of people using UUIDs as session tokens in cookies, where being able to compute the next UUID could allow someone to take over another account. Most other UUID libraries I've seen to use a CSPRNG to generate v4 UUIDs.

[aslatter]

For the interested - the switch to cryptonite caused a slowdown of about x30 in random generation in simple tests, but it is likely worth it.

[nh2]

Should not the instance Random UUID also be removed?

The class Random seems to only include values of 64 bit and less, with the exception of the (in my opinion very questionable) instance for infinite integer types that creates values in only the Int:

instance Random Integer where
  randomR ival g = randomIvalInteger ival g
  random g   = randomR (toInteger (minBound::Int), toInteger (maxBound::Int)) g

[aslatter]

The current Random instance for UUID includes five calls to Random.next because we could only get 28 bits of randomness reliably from StdGen.