classification
Title: Always use os.urandom for generating uuid4s
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.6, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alex, barry, dstufft, jayvdb, python-dev
Priority: normal Keywords: needs review, patch

Created on 2015-10-29 22:30 by alex, last changed 2015-10-30 03:40 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
uuid.diff alex, 2015-10-29 22:30 review
Messages (5)
msg253697 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2015-10-29 22:30
Right now uuid4 can be implemented one of 3 ways:

- If there's a libuuid (and it's not OS X's) it uses that.
- Fallback to os.urandom
- If that raises an exception, fall back to the random module

I propose to simplify this to _just_ use os.urandom always. Reasons:

- Its security properties are more obviously correct. (There's a large comment in uuid.py about how libuuid doees the wrong thing with fork on OS X, who knows if it's correct on other platforms)
- It's simpler.
- It's faster:

a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)"
100000 loops, best of 3: 10 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)"
100000 loops, best of 3: 10.3 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)"
100000 loops, best of 3: 9.99 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)"
100000 loops, best of 3: 10.2 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)"
100000 loops, best of 3: 10.2 usec per loop
a_gaynor@miranda:~$
a_gaynor@miranda:~$
a_gaynor@miranda:~$
a_gaynor@miranda:~$
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)"
100000 loops, best of 3: 8.94 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)"
100000 loops, best of 3: 8.92 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)"
100000 loops, best of 3: 8.97 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)"
100000 loops, best of 3: 8.93 usec per loop
a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)"
100000 loops, best of 3: 8.94 usec per loop
a_gaynor@miranda:~$
a_gaynor@miranda:~$
a_gaynor@miranda:~$ python --version
Python 2.7.3
msg253698 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2015-10-29 22:31
(Note that the speed difference would be even bigger on a recent python, 2.7.3 was before the file descriptor was cached for os.urandom)
msg253699 - (view) Author: Barry A. Warsaw (barry) * (Python committer) Date: 2015-10-29 22:58
On Oct 29, 2015, at 10:30 PM, Alex Gaynor wrote:

>Right now uuid4 can be implemented one of 3 ways:

If you're hacking on the uuid module, keep in mind issue22807
msg253707 - (view) Author: Donald Stufft (dstufft) * (Python committer) Date: 2015-10-30 01:57
This looks like a good idea to me, faster and more secure seems like a total win.
msg253713 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-10-30 03:40
New changeset 24bdc4940e81 by Benjamin Peterson in branch '2.7':
always use os.urandom for the uuid4 algorithm (closes #25515)
https://hg.python.org/cpython/rev/24bdc4940e81

New changeset 70be1f9c9255 by Benjamin Peterson in branch '3.5':
always use os.urandom for the uuid4 algorithm (closes #25515)
https://hg.python.org/cpython/rev/70be1f9c9255

New changeset 756d040aa8e8 by Benjamin Peterson in branch 'default':
merge 3.5 (#25515)
https://hg.python.org/cpython/rev/756d040aa8e8
History
Date User Action Args
2015-10-30 03:40:45python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg253713

resolution: fixed
stage: resolved
2015-10-30 01:57:45dstufftsetmessages: + msg253707
2015-10-29 22:58:35barrysetnosy: + barry
messages: + msg253699
2015-10-29 22:33:04jayvdbsetnosy: + jayvdb
2015-10-29 22:31:26alexsetmessages: + msg253698
2015-10-29 22:30:56alexcreate