Path: csiph.com!news.swapon.de!fu-berlin.de!uni-berlin.de!not-for-mail
From: Chris Angelico <rosuav@gmail.com>
Newsgroups: comp.lang.python
Subject: Re: Make a unique filesystem path, without creating the file
Date: Tue, 23 Feb 2016 06:37:28 +1100
Lines: 21
Message-ID: <mailman.47.1456169852.20994.python-list@python.org>
References: <85r3gf55k4.fsf@benfinney.id.au> <CAG93HwHjKewu-VHUUc1jL=cU-pDNxVtKxx6ORyr+mdLLSJx2TA@mail.gmail.com> <CAG93HwGRsvcc=9rGgOA=oi6C-3pTk-Kr3g4dxCN0ivvixTVPWw@mail.gmail.com> <85mvr26dij.fsf@benfinney.id.au> <mailman.44.1456164660.20994.python-list@python.org> <slrnncmkag.16b.jon+usenet@wintry.unequivocal.co.uk> <mailman.45.1456165511.20994.python-list@python.org> <slrnncmllh.16b.jon+usenet@wintry.unequivocal.co.uk> <mailman.46.1456167850.20994.python-list@python.org> <slrnncmo5e.16b.jon+usenet@wintry.unequivocal.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Trace: news.uni-berlin.de ZwtibqQgCyGBFeXCG+FtTw/A34TsvDY0/yLUK8r/s0jw==
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.026
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'received:209.85.223': 0.03; 'filename': 0.07; 'subject:file': 0.07; 'cc:addr:python- list': 0.09; '2016': 0.16; '23,': 0.16; 'broken,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'usage,': 0.16; 'wrote:': 0.16; 'basically': 0.18; 'bytes': 0.18; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; 'saying': 0.22; "aren't": 0.22; 'suppose': 0.22; 'am,': 0.23; 'feb': 0.23; 'this:': 0.23; 'header :In-Reply-To:1': 0.24; 'message-id:@mail.gmail.com': 0.27; 'sure,': 0.29; 'skip:b 40': 0.29; "i'm": 0.30; 'code': 0.30; 'addresses,': 0.33; 'though.': 0.33; 'tue,': 0.34; 'gives': 0.35; 'received:google.com': 0.35; 'on,': 0.35; 'but': 0.36; 'there': 0.36; 'received:209.85': 0.36; 'subject:: ': 0.37; 'really': 0.37; 'mac': 0.37; 'received:209': 0.38; 'skip:p 20': 0.38; 'sure': 0.39; 'subject:the': 0.39; 'necessarily': 0.63; 'information': 0.63; 'face': 0.64; 'day,': 0.65; 'secure.': 0.66; "they're": 0.66; 'chrisa': 0.84; 'insecure': 0.84; 'to:none': 0.91; 'maybe,': 0.91; 'subject:Make': 0.91; 'fare': 0.93; 'safe.': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=2vLy6bCirxBJt5VzV2DCVe9W2oeyO7AnPwGdce6805Q=; b=grqxkh36fg4ZQQuPQFXBGuEY8oTzp7rWjJCYFBHtQUOGthQ/rEumE3lhi4jHM1XCHG iemX/3vjGwcX8Ojg5zp7/4HP7FwLlN/MFjK9ai2eC7MKBYFB0X5RDTerhsOlYujqzPO1 5Siq9uuAYMklcwGSWaH3Qepx8YubEfI7x/7YKKohk3wEdMhupoTTRA+wiMA2xxWUxFpt 24/LOd9XkiIdmiiDjR1VJbQ3LlR5Mjivbx7qPfqptvUdJoq0oMwNHJ9EO+MG8JO40nu7 Ws3waA5lKp9Y20/BQoiN9GBcyXmw/SJazF4TVH9uRJBVTkDlywn3OtbMp2crM9q5rMzq Gvhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:cc:content-type; bh=2vLy6bCirxBJt5VzV2DCVe9W2oeyO7AnPwGdce6805Q=; b=EuuAqU/MZgPy82kRA6NR3C13TfNCVuhQOeYtsp90+poJhouQgJW5OUSuw5vXrwPdYS dFge1KMHlNVTj965g12O/oAsBJPfk5a/y7ZPsiEiH1y0VOIkkvyGMq3NEuDrqXOm6T8d nN+QsK6M8xw4cunBCQAtfwZ+sGB53+LnmszaZv5J6M3wAu0X7y2ToXqudzjd0nKFXXsq Y3UgdzvVu2GHb2sMJyEMvo5KrfzOX1k36sJoGxuq5adoSun3sCMl9AFJ9ONkwOqtdERG fTfCCJhh4uGk8VhGorU7qyz8akYMWFjQZ8zFzf5Wyx/H3l11+XRQ8DIcMT7TLEc+MNFF LuMw==
X-Gm-Message-State: AG10YORfj6NRN9zLgPUZS/S8KPBXMUbFQtep+XfONMd1Xtkf1eFD6kA0hxtkL9PJ9KdLlj5xeH8vaIfqsv30UA==
X-Received: by 10.107.47.162 with SMTP id v34mr27800685iov.19.1456169848809; Mon, 22 Feb 2016 11:37:28 -0800 (PST)
In-Reply-To: <slrnncmo5e.16b.jon+usenet@wintry.unequivocal.co.uk>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.21rc2
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Xref: csiph.com comp.lang.python:103360

On Tue, Feb 23, 2016 at 6:22 AM, Jon Ribbens
<jon+usenet@unequivocal.co.uk> wrote:
>> Maybe, if everyone's cooperating. I'm not sure how they fare in the
>> face of malice though.
>
> Suppose you had code like this:
>
>   filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>
> Do we really think that is insecure or that there are any practical
> attacks against it? It would be basically the same as saying that
> urandom() is broken, surely?

Sure, that would be safe. But UUIDs aren't necessarily based on "give
me sixteen bytes from urandom". They can involve
potentially-predictable information such as MAC addresses, current
time of day, and so on, which gives them significantly less
randomness. In that kind of usage, they're not intended to be
cryptographically secure.

ChrisA