Make a unique filesystem path, without creating the file

Chris Angelico rosuav at gmail.com
Mon Feb 22 14:37:28 EST 2016


On Tue, Feb 23, 2016 at 6:22 AM, Jon Ribbens
<jon+usenet at unequivocal.co.uk> wrote:
>> Maybe, if everyone's cooperating. I'm not sure how they fare in the
>> face of malice though.
>
> Suppose you had code like this:
>
>   filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>
> Do we really think that is insecure or that there are any practical
> attacks against it? It would be basically the same as saying that
> urandom() is broken, surely?

Sure, that would be safe. But UUIDs aren't necessarily based on "give
me sixteen bytes from urandom". They can involve
potentially-predictable information such as MAC addresses, current
time of day, and so on, which gives them significantly less
randomness. In that kind of usage, they're not intended to be
cryptographically secure.

ChrisA


More information about the Python-list mailing list