Message 164157 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes
Date	2012-06-27.14:01:38
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1340805699.85.0.817571094699.issue15206@psf.upfronthosting.co.za>
In-reply-to

Content
The uuid module uses Mersenne Twister from the random module as last fallback. However a MT isn't suitable for cryptographic purposes. The module should first try to use os.urandom() and then perhaps use its own instance of random.Random, similar to uuid_generate_* [1] The problem doesn't apply to most modern platforms as the uuid module uses either libuuid or the Windows API with ctypes. Therefore I consider the real world severity as low. It may not require a backport to Python 2.x. [1] http://linux.die.net/man/3/uuid_generate

The uuid module uses Mersenne Twister from the random module as last fallback. However a MT isn't suitable for cryptographic purposes. The module should first try to use os.urandom() and then perhaps use its own instance of random.Random, similar to uuid_generate_* [1]

The problem doesn't apply to most modern platforms as the uuid module uses either libuuid or the Windows API with ctypes. Therefore I consider the real world severity as low. It may not require a backport to Python 2.x.

[1] http://linux.die.net/man/3/uuid_generate

History
Date	User	Action	Args
2012-06-27 14:01:39	christian.heimes	set	recipients: + christian.heimes
2012-06-27 14:01:39	christian.heimes	set	messageid: <1340805699.85.0.817571094699.issue15206@psf.upfronthosting.co.za>
2012-06-27 14:01:39	christian.heimes	link	issue15206 messages
2012-06-27 14:01:38	christian.heimes	create