Message164157
The uuid module uses Mersenne Twister from the random module as last fallback. However a MT isn't suitable for cryptographic purposes. The module should first try to use os.urandom() and then perhaps use its own instance of random.Random, similar to uuid_generate_* [1]
The problem doesn't apply to most modern platforms as the uuid module uses either libuuid or the Windows API with ctypes. Therefore I consider the real world severity as low. It may not require a backport to Python 2.x.
[1] http://linux.die.net/man/3/uuid_generate |
|
Date |
User |
Action |
Args |
2012-06-27 14:01:39 | christian.heimes | set | recipients:
+ christian.heimes |
2012-06-27 14:01:39 | christian.heimes | set | messageid: <1340805699.85.0.817571094699.issue15206@psf.upfronthosting.co.za> |
2012-06-27 14:01:39 | christian.heimes | link | issue15206 messages |
2012-06-27 14:01:38 | christian.heimes | create | |
|