Author christian.heimes
Recipients christian.heimes
Date 2012-06-27.14:01:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1340805699.85.0.817571094699.issue15206@psf.upfronthosting.co.za>
In-reply-to
Content
The uuid module uses Mersenne Twister from the random module as last fallback. However a MT isn't suitable for cryptographic purposes. The module should first try to use os.urandom() and then perhaps use its own instance of random.Random, similar to uuid_generate_* [1]

The problem doesn't apply to most modern platforms as the uuid module uses either libuuid or the Windows API with ctypes. Therefore I consider the real world severity as low. It may not require a backport to Python 2.x.

[1] http://linux.die.net/man/3/uuid_generate
History
Date User Action Args
2012-06-27 14:01:39christian.heimessetrecipients: + christian.heimes
2012-06-27 14:01:39christian.heimessetmessageid: <1340805699.85.0.817571094699.issue15206@psf.upfronthosting.co.za>
2012-06-27 14:01:39christian.heimeslinkissue15206 messages
2012-06-27 14:01:38christian.heimescreate