Re: Adding "bits of entropy" argument to crypto.get_random_string

2016-03-08 Thread Nick Timkovich
When get_random_string is being used in get_random_secret_key, or CSRF key generation, would it be advantageous to specify the strength

On Monday, March 7, 2016 at 10:10:53 AM UTC-6, Tim Graham wrote:
> My opinion is that django.utils needn't grow features that Django itself
> doesn't use.

Re: Adding "bits of entropy" argument to crypto.get_random_string

2016-03-07 Thread Tim Graham
My opinion is that django.utils needn't grow features that Django itself doesn't use.

On Monday, March 7, 2016 at 11:04:48 AM UTC-5, Nick Timkovich wrote:
> By the presence of a "bits" measure in the documentation of the function
> it seems to be known that it's a measure of interest. The bene

Re: Adding "bits of entropy" argument to crypto.get_random_string

2016-03-07 Thread Nick Timkovich
By the presence of a "bits" measure in the documentation of the function it seems to be known that it's a measure of interest. The benefit of adding it into Django is that by review of others it can be assured to be correct and will reduce the likelihood of security-related bugs. A bit contrived

Re: Adding "bits of entropy" argument to crypto.get_random_string

2016-03-05 Thread 'Moritz Sichert' via Django developers (Contributions to Django itself)
Can't you just define your own function called "get_random_string_entropy" that calculates the length and then calls get_random_string? What would be the benefit of doing that in Django directly?

On 05.03.2016 at 00:15, Nick Timkovich wrote:
> Rather than guess at the appropriate string length to

Adding "bits of entropy" argument to crypto.get_random_string

2016-03-04 Thread Nick Timkovich
Rather than guess at the appropriate string length to get some level of security, I'd like to add a (minimum) bits of entropy argument to get_random_string, so I could say something like get_random_string(bits=256) and have it do the math for me: math.ceil(bits / math.log2(len(allowed_chars))).
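
The length calculation discussed in this thread, as an added example that is not taken from any message here or from Django's code base. The function names, the 62-character sample alphabet and the use of the standard-library `secrets` module in place of `get_random_string` are assumptions made for illustration.

```python
import math
import secrets
import string

# Sample alphabet (assumption for this example): letters and digits, 62 symbols.
DEFAULT_CHARS = string.ascii_letters + string.digits


def length_for_bits(bits, allowed_chars=DEFAULT_CHARS):
    """Return the smallest n with len(alphabet)**n >= 2**bits.

    Repeated characters are counted once: a repeated symbol does not
    enlarge the set of possible outputs, so len(allowed_chars) would
    overstate the strength.
    """
    if bits <= 0:
        raise ValueError("bits must be positive")
    size = len(set(allowed_chars))
    if size < 2:
        raise ValueError("need at least two distinct characters")
    # Start from the floating-point formula quoted in the thread ...
    n = math.ceil(bits / math.log2(size))
    # ... then correct any float rounding with exact integer arithmetic.
    target = 2 ** bits
    while size ** n < target:
        n += 1
    while n > 1 and size ** (n - 1) >= target:
        n -= 1
    return n


def random_string_with_entropy(bits, allowed_chars=DEFAULT_CHARS):
    """Generate a string carrying at least `bits` bits of entropy."""
    alphabet = sorted(set(allowed_chars))  # deduplicate so sampling is uniform
    n = length_for_bits(bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    print(length_for_bits(256))                      # letters and digits
    print(length_for_bits(128, "0123456789abcdef"))  # hex alphabet
    print(random_string_with_entropy(256))
```
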