Jon Ribbens <jon+use...@unequivocal.co.uk>:
> Suppose you had code like this:
>
> filename = binascii.hexlify(os.urandom(16)).decode("ascii")
>
> Do we really think that is insecure or that there are any practical
> attacks against it? It would be basically the same as saying that
> urandom() is broken, surely?
urandom() is not quite random and so should not be considered
cryptographically airtight.
Under Linux, /dev/random is the way to go when strong security is
needed. Note that /dev/random is a scarce resource on ordinary systems.
Marko
--
https://mail.python.org/mailman/listinfo/python-list
