Make a unique filesystem path, without creating the file
Chris Angelico
rosuav at gmail.com
Mon Feb 22 14:37:28 EST 2016
On Tue, Feb 23, 2016 at 6:22 AM, Jon Ribbens
<jon+usenet at unequivocal.co.uk> wrote:
>> Maybe, if everyone's cooperating. I'm not sure how they fare in the
>> face of malice though.
>
> Suppose you had code like this:
>
> filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>
> Do we really think that is insecure or that there are any practical
> attacks against it? It would be basically the same as saying that
> urandom() is broken, surely?
Sure, that would be safe. But UUIDs aren't necessarily based on "give
me sixteen bytes from urandom". They can involve
potentially-predictable information such as MAC addresses, current
time of day, and so on, which gives them significantly less
randomness. In that kind of usage, they're not intended to be
cryptographically secure.
ChrisA
More information about the Python-list
mailing list