Make a unique filesystem path, without creating the file

Jon Ribbens jon+usenet at unequivocal.co.uk
Mon Feb 22 19:11:05 EST 2016


On 2016-02-23, Steven D'Aprano <steve at pearwood.info> wrote:
> On Tue, 23 Feb 2016 06:22 am, Jon Ribbens wrote:
>> Suppose you had code like this:
>> 
>> filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>> 
>> Do we really think that is insecure or that there are any practical
>> attacks against it? It would be basically the same as saying that
>> urandom() is broken, surely?
>
> Correct. Any attack against urandom would be an attack on this. You would
> just have to trust that the kernel devs have made urandom as secure as
> possible, and pay no attention to what the man page says, as its wrong.
>
> By the way, Python 3.6 will have (once Guido formally approves it) a new
> module, "secrets", for securely generating (pseudo)random tokens like this:
>
> import secrets
> filename = secrets.token_hex(16)

+1


More information about the Python-list mailing list