These docs are under active development and cover the v0.20 Kobicha security model.
Peios Learn
On this page
Print Full Specification
§2.4

Generation

GUIDs generated by Peios MUST be version 4 (random) as defined in RFC 4122 §4.4.

§2.4.1 Algorithm

To generate a version 4 GUID:

  1. Fill all 16 bytes with cryptographically random data.
  2. Set the four most significant bits of Data3 to 0100 (version 4).
  3. Set the two most significant bits of Data4[0] to 10 (RFC 4122 variant).

The resulting GUID has 122 random bits, 4 version bits, and 2 variant bits.

[!INFORMATIVE] In terms of bit manipulation on the binary layout:

Data3 = (Data3 & 0x0fff) | 0x4000
Data4[0] = (Data4[0] & 0x3f) | 0x80

§2.4.2 Randomness source

The random data MUST be obtained from a cryptographically secure source.

In the kernel, this MUST be get_random_bytes() or equivalent.

In userspace, this MUST be getrandom(2) with no flags (blocking until the entropy pool is initialised) or equivalent.

GUIDs MUST NOT be generated using a pseudorandom number generator seeded from a predictable source.