On 2016-02-22, Chris Angelico <[email protected]> wrote:
> On Tue, Feb 23, 2016 at 5:39 AM, Jon Ribbens
><[email protected]> wrote:
>> On 2016-02-22, Chris Angelico <[email protected]> wrote:
>>> On Tue, Feb 23, 2016 at 5:17 AM, Jon Ribbens
>>><[email protected]> wrote:
>>>> Weeeeeell, I have a lot of sympathy for that point, but on the other
>>>> hand the whole concept of UUIDs ("import uuid") is predicated on the
>>>> opposite assumption.
>>>
>>> Not quite opposite. Ethan is asserting that you cannot be *certain*
>>> without actually checking the FS; the point of UUIDs is that you can
>>> be fairly *confident* that there won't be a collision. There is a
>>> nonzero probability of accidental collisions, and if an attacker is
>>> deliberately trying to _force_ a collision, it's most definitely
>>> possible. So both views are correct.
>>
>> I was under the impression that the point of UUIDs is that you can be
>> *so* confident that there won't be a collision that for all practical
>> purposes it's indistinguishable from being certain.
>
> Maybe, if everyone's cooperating. I'm not sure how they fare in the
> face of malice though.
Suppose you had code like this:
filename = binascii.hexlify(os.urandom(16)).decode("ascii")
Do we really think that is insecure or that there are any practical
attacks against it? It would be basically the same as saying that
urandom() is broken, surely?
--
https://mail.python.org/mailman/listinfo/python-list
