This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes
Date 2012-06-27.14:01:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The uuid module uses Mersenne Twister from the random module as last fallback. However a MT isn't suitable for cryptographic purposes. The module should first try to use os.urandom() and then perhaps use its own instance of random.Random, similar to uuid_generate_* [1]

The problem doesn't apply to most modern platforms as the uuid module uses either libuuid or the Windows API with ctypes. Therefore I consider the real world severity as low. It may not require a backport to Python 2.x.

Date User Action Args
2012-06-27 14:01:39christian.heimessetrecipients: + christian.heimes
2012-06-27 14:01:39christian.heimessetmessageid: <>
2012-06-27 14:01:39christian.heimeslinkissue15206 messages
2012-06-27 14:01:38christian.heimescreate