From dca33e3cb05f36961cd166f11dcf1881fabf0c3b Mon Sep 17 00:00:00 2001 From: Kyle Den Hartog Date: Tue, 31 Jan 2023 10:01:36 +1300 Subject: [PATCH] Add CSPRNG usage requirement Some options to use here would be UUIDv4 (122 bits of entropy - 128 bits with 6 bits fixed), a SHA-256 hash of the ephemeral public key, or a CSPRNG generated number. --- CAIPs/caip-171.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CAIPs/caip-171.md b/CAIPs/caip-171.md index 80629878..ac5df954 100644 --- a/CAIPs/caip-171.md +++ b/CAIPs/caip-171.md @@ -55,6 +55,7 @@ Properties of the `SessionIdentifier` are as follows: 3. It MUST remain the same as the identified session's state changes. 4. It MUST be serializable into JSON. Serialization and later deserialization using JSON MUST result in the same value. +5. It MUST be generated from a cryptographically random source and MUST include at least 96 bits of entropy for security. ## Copyright
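Review bot: In the added item 5, "generated from a cryptographically random source" does not clearly cover one of the options the commit message lists, a SHA-256 hash of the ephemeral public key, because that value is derived deterministically from a key rather than drawn directly from a random source. If derived identifiers are meant to be allowed, the requirement should say so, for example "MUST be generated by a CSPRNG or derived from a value that was"; if they are not, that option should be dropped from the rationale. The trailing "for security" would be more useful if it named the property intended, for example that the identifier is unguessable. The 96-bit floor is also given without a rationale; the commit message only quantifies UUIDv4 at 122 bits, so a short note on why 96 was chosen would help implementers judge whether a given generator qualifies.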