From: Robin Becker
Newsgroups: comp.lang.python
To: python-list@python.org
Subject: How good is security via hashing
Date: Tue, 07 Jun 2011 11:18:19 +0100

A Python web process is producing
files that are given randomized names of the form hhhhhh-YYYYMMDDhhmmss-rrrrrrrr.pdf where rrr.. is a 128-bit random number (encoded as base62). The intent of the random part is to prevent recipients of one file from being able to guess the names of others.

The process was originally a CGI script, which meant each random number was produced thusly:

pid is process id, dur is 4 bytes from /dev/urandom.

    random.seed(long(time.time()*someprimeint)|(pid<<64)|(dur<<32))
    rrr = random.getrandbits(128)

Is this algorithm safe? Is it safe if the process is switched to FastCGI and the initialization is only carried out once and then, say, 50 rrr values are generated?
--
Robin Becker