How good is security via hashing
Robin Becker
robin at reportlab.com
Wed Jun 8 05:13:25 EDT 2011
On 07/06/2011 21:42, Paul Rubin wrote:
> geremy condra<debatem1 at gmail.com> writes:
>> # adds random junk to the filename- should make it hard to guess
>> rrr = os.urandom(16)
>> fname += base64.b64encode(rrr)
>
> Don't use b64 output in a filename -- it can have slashes in it! :-(
>
> Simplest is to use old fashioned hexadeimal for stuff like that, unless
> the number of chars is a significant problem. Go for a more complicated
> encoding if you must.
we have been using base62 ie 0-9A-Za-z just to reduce the name length.
--
Robin Becker
More information about the Python-list
mailing list