How good is security via hashing
Robin Becker
robin at reportlab.com
Tue Jun 7 06:18:19 EDT 2011
A python web process is producing files that are given randomized names of the form
hhhhhh-YYYYMMDDhhmmss-rrrrrrrr.pdf
where rrr.. is a 128bit random number (encoded as base62). The intent of the
random part is to prevent recipients of one file from being able to guess the
names of others.
The process was originally a cgi script which meant each random number was
produced thusly
pid is process id, dur is 4 bytes from /dev/urandom.
random.seed(long(time.time()*someprimeint)|(pid<<64)|(dur<<32))
rrr = random.getrandbits(128)
is this algorithm safe? Is it safe if the process is switched to fastcgi and the
initialization is only carried out once and then say 50 rrr values are generated.
--
Robin Becker
More information about the Python-list
mailing list