Make a unique filesystem path, without creating the file

Jon Ribbens jon+usenet at unequivocal.co.uk
Mon Feb 22 14:22:35 EST 2016


On 2016-02-22, Chris Angelico <rosuav at gmail.com> wrote:
> On Tue, Feb 23, 2016 at 5:39 AM, Jon Ribbens
><jon+usenet at unequivocal.co.uk> wrote:
>> On 2016-02-22, Chris Angelico <rosuav at gmail.com> wrote:
>>> On Tue, Feb 23, 2016 at 5:17 AM, Jon Ribbens
>>><jon+usenet at unequivocal.co.uk> wrote:
>>>> Weeeeeell, I have a lot of sympathy for that point, but on the other
>>>> hand the whole concept of UUIDs ("import uuid") is predicated on the
>>>> opposite assumption.
>>>
>>> Not quite opposite. Ethan is asserting that you cannot be *certain*
>>> without actually checking the FS; the point of UUIDs is that you can
>>> be fairly *confident* that there won't be a collision. There is a
>>> nonzero probability of accidental collisions, and if an attacker is
>>> deliberately trying to _force_ a collision, it's most definitely
>>> possible. So both views are correct.
>>
>> I was under the impression that the point of UUIDs is that you can be
>> *so* confident that there won't be a collision that for all practical
>> purposes it's indistinguishable from being certain.
>
> Maybe, if everyone's cooperating. I'm not sure how they fare in the
> face of malice though.

Suppose you had code like this:

  filename = binascii.hexlify(os.urandom(16)).decode("ascii")

Do we really think that is insecure or that there are any practical
attacks against it? It would be basically the same as saying that
urandom() is broken, surely?


More information about the Python-list mailing list