How good is security via hashing
Nitin Pawar
nitinpawar432 at gmail.com
Tue Jun 7 06:26:47 EDT 2011
Have you tried using UUID module?
Its pretty handy and comes with base64 encoding function which gives
extremely high quality randon strings
ref:
http://stackoverflow.com/questions/621649/python-and-random-keys-of-21-char-max
On Tue, Jun 7, 2011 at 3:48 PM, Robin Becker <robin at reportlab.com> wrote:
> A python web process is producing files that are given randomized names of
> the form
>
> hhhhhh-YYYYMMDDhhmmss-rrrrrrrr.pdf
>
> where rrr.. is a 128bit random number (encoded as base62). The intent of
> the random part is to prevent recipients of one file from being able to
> guess the names of others.
>
> The process was originally a cgi script which meant each random number was
> produced thusly
>
>
> pid is process id, dur is 4 bytes from /dev/urandom.
>
> random.seed(long(time.time()*someprimeint)|(pid<<64)|(dur<<32))
> rrr = random.getrandbits(128)
>
>
> is this algorithm safe? Is it safe if the process is switched to fastcgi
> and the initialization is only carried out once and then say 50 rrr values
> are generated.
> --
> Robin Becker
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
--
Nitin Pawar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20110607/76dcba6f/attachment-0001.html>
More information about the Python-list
mailing list