Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #7145
| From | Robin Becker <robin@reportlab.com> |
|---|---|
| Subject | How good is security via hashing |
| Date | 2011-06-07 11:18 +0100 |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2524.1307441917.9059.python-list@python.org> (permalink) |
A python web process is producing files that are given randomized names of the form hhhhhh-YYYYMMDDhhmmss-rrrrrrrr.pdf where rrr.. is a 128bit random number (encoded as base62). The intent of the random part is to prevent recipients of one file from being able to guess the names of others. The process was originally a cgi script which meant each random number was produced thusly pid is process id, dur is 4 bytes from /dev/urandom. random.seed(long(time.time()*someprimeint)|(pid<<64)|(dur<<32)) rrr = random.getrandbits(128) is this algorithm safe? Is it safe if the process is switched to fastcgi and the initialization is only carried out once and then say 50 rrr values are generated. -- Robin Becker
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 11:18 +0100
Re: How good is security via hashing Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-06-07 04:40 -0700
Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 13:27 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 06:00 -0700
Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-07 22:23 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 19:38 -0700
Re: How good is security via hashing Nobody <nobody@nowhere.com> - 2011-06-08 08:18 +0100
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-08 00:40 -0700
csiph-web