WASM compilation Random() always has the same seed

[kealist]

• Dart version and tooling diagnostic info (dart info)

Dart 3.6.0-197.0.dev windows_x64

• Whether you are using Windows, macOS, or Linux (if applicable)

Windows

• Whether you are using Chrome, Safari, Firefox, Edge (if applicable)

Chrome

Today we identified WASM builds were always generating the same UUIDs.

https://github.com/Rexios80/uuid_wasm_test

with an additional test

import 'package:test/test.dart';
import 'package:uuid/uuid.dart';
import 'dart:math';

void main() {
  test('random test', () {
    for (var i = 0; i < 5; i++) {
      print(Random().nextInt(600));
    }
  });
}

This will always return:

472
247
387
474
201

when compiled for dart2wasm but will be seeded randomly for dart2js.

I assume this could also be some sort of security problem as well?

[dart-github-bot]

Summary: The Random() function in Dart's WASM compilation always produces the same sequence of numbers, leading to deterministic UUID generation. This issue potentially poses a security risk as it could allow predictable behavior in applications relying on random values.

[julemand101]

I assume this could also be some sort of security problem as well?

If anybody uses plain Random for security related features, then they already have massive security problems even without the seed being fixed. Random.secure is a thing for a reason. :)

Not saying this is not bad. :)

[julemand101]

Found the following code which could indicate the issue:

sdk/sdk/lib/_internal/wasm/lib/math_patch.dart

Lines 224 to 236 in eff0ece

	// Use a singleton Random object to get a new seed if no seed was passed.
	static final _prng = new _Random._withState(_initialSeed());
	static int _setupSeed(int seed) => mix64(seed);
	// TODO: Make this actually random
	static int _initialSeed() => 0xCAFEBABEDEADBEEF;
	static int _nextSeed() {
	// Trigger the PRNG once to change the internal state.
	_prng._nextState();
	return _prng._stateLow;
	}

Kinda an important TODO that most likely should have an issue number attached to it to keep track of it?

[dart-github-bot]

Summary: The Random class in Dart's WASM compilation consistently generates the same sequence of numbers, leading to predictable UUIDs and potentially security vulnerabilities. This behavior is not observed in Dart2JS compilation.

[Rexios80]

This is a catastrophic issue that should be fixed and cherry-picked ASAP. Anyone generating UUIDs in Flutter web WASM apps could be unintentionally generating UUID collisions and lose a lot of data.

[julemand101]

This is a catastrophic issue that should be fixed and cherry-picked ASAP. Anyone generating UUIDs in Flutter web WASM apps could be unintentionally generating UUID collisions and lose a lot of data.

Just want to add here that you should never generate UUID using default Random() generator. Use Random.secure() for that. Reason being that the amount of unique seeds for Random() are limited to 32 bits.

So if you have lot of clients running, it is actually not that impossible to get two clients running with same seed just by accident.

(But UUID should also really be generated by backend...)

[Rexios80]

Just want to add here that you should never generate UUID using default Random() generator. Use Random.secure() for that. Reason being that the amount of unique seeds for Random() are limited to 32 bits.

If that's the case then this is a catastrophic issue in the uuid package

Our app generates a lot of data while offline, so generating UUIDs server-side doesn't seem like a viable option

[julemand101]

I agree that it would be better if the UUID package did focus on security first and performance can then be enabled with a unsecure flag documented what it does and the consequences of using it. Most projects does not require really fast generation of UUID's. And Random.secure are available on all platforms as far as I know.

But yes, I don't disagree that this issue should be fixed with a hotfix on stable. It is quite serious.

[igloo15]

I agree that this is a huge issue. Even beyond the UUID and security/secure issues, the default behavior of Random() should be to have a different seed each time. Typically this is done by using time as the seed.

Utilizing the same seed for testing stuff is a valid use case but should not be the default behavior. That is the purpose of passing a specific seed you define in the constructor Random(123) in order to get a repeated set of values for testing.

This is unexpected default behavior and I expect most people had no idea this was the case. I knew Random() was not secure and could not always be random but I expected that it not being random was a like 1 in 100 chance not every time.

[daegalus]

Hi, I have released a new version of UUID that makes Random.secure() the default for UUIDs.

Some back story: Random.secure() didn't always exist, and I had custom Crypto implementations in the past to do that, but were slow. And once it did exist, there were regressions with IE11 back in the day and people using DartAngular at the time were having issues. So I flipflopped between secure and non-secure Random a lot over the years.

To my knowledge, this is no longer an issue, so I have made it default again. the uuid library is 11+ years old, so there is a lot of legacy decisions and iteration.

[julemand101]

@osa1 Thanks for the quick fix of this issue. Have it been considered if this is something that should be cherry-picked to Stable and/or Beta?

[osa1]

@julemand101 we just considered it, we will try to cherry-pick it into the next beta. I will create the cherry-pick request tomorrow, then it's up to the release team to decide, but I expect it to be merged as it's not a risky patch. (a tiny patch that can't break anyting)

[osa1]

I think there's a new beta cutoff coming soon and the commit that fixed this issue will be included as well, so we don't need a cherry-pick. The commit should be merged to https://github.com/dart-lang/sdk/commits/beta/ in a few days.