[Python-Dev] Remove tempfile.mktemp()
steve at pearwood.info
Wed Mar 20 07:57:10 EDT 2019
On Wed, Mar 20, 2019 at 11:25:03AM +0000, Anders Munch wrote:
> 128 bits seems like overkill: There's no birthday attack because no-one keeps
> 2^(ENTROPY_BITS/2) files around,
You haven't seen my Downloads folder... :-)
> and the attack is running on the attackee's
> system, so there's no using specialised accelerator hardware. I'd say 64 bits
> is enough under those circumstances, but I wouldn't be surprised if a better
> security specialist could make a case for more. So maybe go with 80 bits,
> that's puts it at 15 or 16 characters.
Why be so miserly with entropy? This probably isn't a token that goes to
a human, who may have to type it into a web browser, or send it by SMS.
Its likely to be a name used only by the machine. Using 128 bits is just
22 characters using secrets.token_urlsafe().
The default entropy used by secrets is 32 bytes, which gives a 43
character token. I have plenty of files with names longer than that:
"Funny video of cat playing piano while dog does backflips.mp4"
Of course, if you have some specific need for the file name to be
shorter (or longer!) then there ought to be a way to set the entropy
used. But I think the default secrets entropy is fine, and its better to
have longer names than shorter ones, within reason. I don't think 40-50
characters (plus any prefix or suffix) is excessive for a temporary file
intended for use by an application rather than a human.
More information about the Python-Dev