Make a unique filesystem path, without creating the file
steve at pearwood.info
Mon Feb 22 19:33:09 EST 2016
On Tue, 23 Feb 2016 06:32 am, Marko Rauhamaa wrote:
> Jon Ribbens <jon+usenet at unequivocal.co.uk>:
>> Suppose you had code like this:
>> filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>> Do we really think that is insecure or that there are any practical
>> attacks against it? It would be basically the same as saying that
>> urandom() is broken, surely?
> urandom() is not quite random and so should not be considered
> cryptographically airtight.
> Under Linux, /dev/random is the way to go when strong security is
> needed. Note that /dev/random is a scarce resource on ordinary systems.
That's actually incorrect, but you're not the only one to have been mislead
by the man pages.
On non-Linux Unixes, the difference between urandom and random is mostly, or
entirely, gone, in favour of urandom's non-blocking behaviour. And it's a
myth that the output of random is "more random" or "more pure" than
urandom's. In reality, on Linux both urandom and random use exactly the
for a good explanation of how random and urandom actually work on Linux.
More information about the Python-list