Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #7186
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!selfless.tophat.at!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <ian.g.kelly@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.001 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; ':-)': 0.06; 'though.': 0.07; 'base64': 0.09; 'filename': 0.09; 'pm,': 0.10; 'output': 0.11; 'wrote:': 0.14; 'filenames': 0.16; 'fname': 0.16; 'simplest': 0.16; 'slashes': 0.16; 'subject:security': 0.16; 'argument': 0.16; 'tue,': 0.17; 'must.': 0.19; 'guess': 0.19; 'writes:': 0.19; 'header:In-Reply-To:1': 0.21; 'stuff': 0.22; 'received:209.85.161.46': 0.23; 'received:mail- fx0-f46.google.com': 0.23; 'skip:b 20': 0.23; "doesn't": 0.25; 'specify': 0.25; 'junk': 0.26; 'received:209.85.161': 0.26; 'message-id:@mail.gmail.com': 0.28; 'paul': 0.28; 'random': 0.28; 'subject:How': 0.30; 'adds': 0.32; 'to:addr:python-list': 0.33; 'that,': 0.34; 'received:google.com': 0.37; 'received:209.85': 0.37; 'problem.': 0.38; 'subject:: ': 0.38; 'should': 0.39; 'unless': 0.39; 'received:209': 0.39; 'it!': 0.39; 'to:addr:python.org': 0.39; 'custom': 0.60; 'more': 0.60; 'subject:good': 0.93 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type:content-transfer-encoding; bh=4zqAZOJDkn2tGxku//0EMr538a4quw37Mb1efmgBYRY=; b=qZ7FDEYO2MHmpmkHXAvqRYu7JhjZXvLX35nWeLvYei8cmIzG7GgvFm9lW36EUBN3Fa ldhVKlPDObpHWLCDWowjkYurY3GGaobAIIDIHtSP0fKt/i4s6T7vABOu9ngzZdgF2fBJ UhNJMKseUW0oilfgX+urgVXmF5L5G251eMULg= |
| DomainKey-Signature | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; b=Zw4Y6/rk+U0xuU05ZeqyHLOK00onQ1bIO9w9eTmrtIzAOlFvUJtGCk7SsafaER5stN 60t0cRoqOLRLqYp8BVpPLCKAE6zp6UNJJV5W3IQrbCWdFMN2MpKEM5lQrpBwNnzldg43 x/UMxARXn5s4ZtRSQ35W/9zbnuiAh9RbGtvWk= |
| MIME-Version | 1.0 |
| In-Reply-To | <7xfwnl1ihk.fsf@ruckus.brouhaha.com> |
| References | <4DEDFAEB.4050006@chamonix.reportlab.co.uk> <mailman.2542.1307476969.9059.python-list@python.org> <7xfwnl1ihk.fsf@ruckus.brouhaha.com> |
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Date | Tue, 7 Jun 2011 14:58:50 -0600 |
| Subject | Re: How good is security via hashing |
| To | python-list@python.org |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.0.1307480390.11593.python-list@python.org> (permalink) |
| Lines | 18 |
| NNTP-Posting-Host | 82.94.164.166 |
| X-Trace | 1307480390 news.xs4all.nl 49047 [::ffff:82.94.164.166]:43707 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:7186 |
Show key headers only | View raw
On Tue, Jun 7, 2011 at 2:42 PM, Paul Rubin <no.email@nospam.invalid> wrote: > geremy condra <debatem1@gmail.com> writes: >> # adds random junk to the filename- should make it hard to guess >> rrr = os.urandom(16) >> fname += base64.b64encode(rrr) > > Don't use b64 output in a filename -- it can have slashes in it! :-( > > Simplest is to use old fashioned hexadeimal for stuff like that, unless > the number of chars is a significant problem. Go for a more complicated > encoding if you must. You can use base64.urlsafe_b64encode, or specify a custom altchars argument that doesn't include '/'. Definitely don't use base64 filenames on a case-insensitive filesystem, though. :-)
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Re: How good is security via hashing geremy condra <debatem1@gmail.com> - 2011-06-07 13:02 -0700
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 13:42 -0700
Re: How good is security via hashing Ian Kelly <ian.g.kelly@gmail.com> - 2011-06-07 14:58 -0600
Re: How good is security via hashing geremy condra <debatem1@gmail.com> - 2011-06-07 14:41 -0700
Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-08 10:13 +0100
Re: How good is security via hashing Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-06-08 13:30 +0200
csiph-web