Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!selfless.tophat.at!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <debatem1@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.025
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'filename': 0.09; 'pm,': 0.10; 'output': 0.11; 'wrote:': 0.14; 'fname': 0.16; 'simplest': 0.16; 'slashes': 0.16; 'subject:security': 0.16; 'cc:addr:python- list': 0.17; 'tue,': 0.17; 'must.': 0.19; 'guess': 0.19; 'writes:': 0.19; 'header:In-Reply-To:1': 0.21; 'cc:2**0': 0.22; 'stuff': 0.22; 'cc:no real name:2**0': 0.23; 'skip:b 20': 0.23; 'junk': 0.26; 'message-id:@mail.gmail.com': 0.28; 'paul': 0.28; 'thanks': 0.28; 'random': 0.28; 'mind.': 0.29; 'subject:How': 0.30; 'cc:addr:python.org': 0.30; 'adds': 0.32; 'pointing': 0.32; 'received:209.85.212': 0.34; 'that,': 0.34; 'received:google.com': 0.37; 'received:209.85': 0.37; 'problem.': 0.38; 'subject:: ': 0.38; 'should': 0.39; 'unless': 0.39; 'received:209': 0.39; 'it!': 0.39; 'more': 0.60; 'received:209.85.212.178': 0.91; 'received :mail-px0-f178.google.com': 0.91; 'slipped': 0.91; 'to:none': 0.93; 'subject:good': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:cc:content-type:content-transfer-encoding; bh=13SZ4RGFB+XiuSUlzYjRvh50TJR5sObj8yiut9Co2yE=; b=HIek9Y05wc0VLnqoX2lRKNKmstLE243zTE+VjzWNOtSKz5PDL10TfM/nFyJ1stMSzp SyTj6yF/QeuSWbc4uIVAvs4KIJkQs39SLTwOOK8RfZAkKMjhamm8APvuq7t+tZuYJGQr zgHnpHeK5vIa6gpcxA4M7agJhfyV9CiE3YZ0A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type:content-transfer-encoding; b=XscQ6eHx4He52mrWBxOCWKwRwy+d1jgS7CClD8Q0S2G/vtCrDPo7Z8//kBbISBhCbQ rywk9pgvd8LwHJfxNqQ6sG5AofZ0qIE2/EYd8lOD4KP0Qgv9up2zLuKQ5sWhPyoJtGPK EJDr+N0Hsm3Ftt7h2h9WTjUflyC1xXgkX/qCw=
MIME-Version: 1.0
In-Reply-To: <7xfwnl1ihk.fsf@ruckus.brouhaha.com>
References: <4DEDFAEB.4050006@chamonix.reportlab.co.uk> <mailman.2542.1307476969.9059.python-list@python.org> <7xfwnl1ihk.fsf@ruckus.brouhaha.com>
Date: Tue, 7 Jun 2011 14:41:55 -0700
Subject: Re: How good is security via hashing
From: geremy condra <debatem1@gmail.com>
Cc: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.2.1307482919.11593.python-list@python.org>
Lines: 16
NNTP-Posting-Host: 82.94.164.166
X-Trace: 1307482919 news.xs4all.nl 49174 [::ffff:82.94.164.166]:53645
X-Complaints-To: abuse@xs4all.nl
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:7189

On Tue, Jun 7, 2011 at 1:42 PM, Paul Rubin <no.email@nospam.invalid> wrote:
> geremy condra <debatem1@gmail.com> writes:
>> # adds random junk to the filename- should make it hard to guess
>> rrr =3D os.urandom(16)
>> fname +=3D base64.b64encode(rrr)
>
> Don't use b64 output in a filename -- it can have slashes in it! =A0:-(
>
> Simplest is to use old fashioned hexadeimal for stuff like that, unless
> the number of chars is a significant problem. =A0Go for a more complicate=
d
> encoding if you must.

Eeesh, that completely slipped my mind. Thanks for pointing it out.

Geremy Condra