
[Python-Dev] Remove tempfile.mktemp()

On Wed, Mar 20, 2019 at 11:25:03AM +0000, Anders Munch wrote:

> 128 bits seems like overkill: There's no birthday attack because no-one keeps
> 2^(ENTROPY_BITS/2) files around, 

You haven't seen my Downloads folder... :-)

But seriously:

> and the attack is running on the attackee's
> system, so there's no using specialised accelerator hardware.  I'd say 64 bits
> is enough under those circumstances, but I wouldn't be surprised if a better
> security specialist could make a case for more.  So maybe go with 80 bits,
> that puts it at 15 or 16 characters.

Why be so miserly with entropy? This probably isn't a token that goes to 
a human, who may have to type it into a web browser, or send it by SMS. 
It's likely to be a name used only by the machine. Using 128 bits is just 
22 characters using secrets.token_urlsafe().

The default entropy used by secrets is 32 bytes, which gives a 43 
character token. I have plenty of files with names longer than that:

"Funny video of cat playing piano while dog does backflips.mp4"

Of course, if you have some specific need for the file name to be 
shorter (or longer!) then there ought to be a way to set the entropy 
used. But I think the default secrets entropy is fine, and it's better to 
have longer names than shorter ones, within reason. I don't think 40-50 
characters (plus any prefix or suffix) is excessive for a temporary file 
intended for use by an application rather than a human.
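
The entropy-to-length relationship discussed above, as an added example that is not part of the original message or of the tempfile module: a name generator with a settable entropy, paired with exclusive creation so a guessed or colliding name is never reused. The helper names `token_length`, `random_name` and `create_temp_file` are hypothetical.

```python
import os
import secrets
import tempfile


def token_length(nbytes):
    """Characters in secrets.token_urlsafe(nbytes): unpadded base64, 6 bits each."""
    return (nbytes * 8 + 5) // 6


def random_name(nbytes=32, prefix="", suffix=""):
    """Unpredictable file name carrying nbytes * 8 bits of entropy."""
    return f"{prefix}{secrets.token_urlsafe(nbytes)}{suffix}"


def create_temp_file(directory=None, nbytes=32, prefix="tmp-", suffix="", attempts=10):
    """Create a new file under an unpredictable name and return (fd, path).

    O_EXCL makes the open fail if the name already exists (a symlink
    included), so an existing file is never opened; a collision simply
    triggers another random draw.
    """
    directory = directory or tempfile.gettempdir()
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    for _ in range(attempts):
        path = os.path.join(directory, random_name(nbytes, prefix, suffix))
        try:
            # Mode 0o600: readable and writable by the owner only.
            return os.open(path, flags, 0o600), path
        except FileExistsError:
            continue
    raise FileExistsError("no unused name found")


if __name__ == "__main__":
    for nbytes in (16, 32):
        print(f"{nbytes * 8} bits -> {token_length(nbytes)} characters")
    fd, path = create_temp_file(nbytes=16)
    print("created", path)
    os.close(fd)
    os.unlink(path)
```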