How good is security via hashing

Ian Kelly ian.g.kelly at gmail.com
Tue Jun 7 16:58:50 EDT 2011


On Tue, Jun 7, 2011 at 2:42 PM, Paul Rubin <no.email at nospam.invalid> wrote:
> geremy condra <debatem1 at gmail.com> writes:
>> # adds random junk to the filename- should make it hard to guess
>> rrr = os.urandom(16)
>> fname += base64.b64encode(rrr)
>
> Don't use b64 output in a filename -- it can have slashes in it!  :-(
>
> Simplest is to use old fashioned hexadecimal for stuff like that, unless
> the number of chars is a significant problem.  Go for a more complicated
> encoding if you must.

You can use base64.urlsafe_b64encode, or specify a custom altchars
argument that doesn't include '/'.

Definitely don't use base64 filenames on a case-insensitive
filesystem, though. :-)
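
An added example, not part of the original thread: the three encodings discussed above applied to the same random bytes, with a check for path separators and for names that collide once case is ignored. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import os

# Constructed inputs chosen to hit the edge cases from the thread.
SLASHY = b"\xff\xff\xff"   # standard base64 encodes this as "////"
UPPER = b"\x00\x00\x00"    # base64 "AAAA"
LOWER = b"\x69\xa6\x9a"    # base64 "aaaa"


def token_std(raw: bytes) -> str:
    """Standard base64: the alphabet includes '+' and '/'."""
    return base64.b64encode(raw).decode("ascii")


def token_urlsafe(raw: bytes) -> str:
    """URL-safe base64: '-' and '_' replace '+' and '/'; padding is dropped."""
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def token_hex(raw: bytes) -> str:
    """Lowercase hex: two characters per byte, single-case alphabet."""
    return raw.hex()


def is_single_component(name: str) -> bool:
    """True if the name cannot be read as a path with directories in it."""
    if name in ("", ".", ".."):
        return False
    return not any(ch in name for ch in ("/", "\\", "\x00"))


def collides_ignoring_case(a: str, b: str) -> bool:
    """True if two different names map to one entry on a case-insensitive filesystem."""
    return a != b and a.casefold() == b.casefold()


def random_suffix(nbytes: int = 16) -> str:
    """Random filename suffix that is safe on both counts: hex of os.urandom."""
    return token_hex(os.urandom(nbytes))


if __name__ == "__main__":
    print(token_std(SLASHY), is_single_component("upload-" + token_std(SLASHY)))
    print(token_urlsafe(SLASHY), is_single_component("upload-" + token_urlsafe(SLASHY)))
    print(collides_ignoring_case(token_urlsafe(UPPER), token_urlsafe(LOWER)))
    print(collides_ignoring_case(token_hex(UPPER), token_hex(LOWER)))
    print("upload-" + random_suffix())
```

Hex costs 32 characters for 16 random bytes against 22 for unpadded base64, which is the length trade-off mentioned in the quoted reply.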


