Make a unique filesystem path, without creating the file

Chris Angelico rosuav at
Mon Feb 22 14:37:28 EST 2016

On Tue, Feb 23, 2016 at 6:22 AM, Jon Ribbens
<jon+usenet at> wrote:
>> Maybe, if everyone's cooperating. I'm not sure how they fare in the
>> face of malice though.
> Suppose you had code like this:
>   filename = binascii.hexlify(os.urandom(16)).decode("ascii")
> Do we really think that is insecure or that there are any practical
> attacks against it? It would be basically the same as saying that
> urandom() is broken, surely?

Sure, that would be safe. But UUIDs aren't necessarily based on "give
me sixteen bytes from urandom". They can involve
potentially-predictable information such as MAC addresses, current
time of day, and so on, which gives them significantly less
randomness. In that kind of usage, they're not intended to be
cryptographically secure.


More information about the Python-list mailing list