本文介绍了哪个更安全使用? uuid,binascii.hexlify(os.urandom())或random.SystemRandom()吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想为注册了该服务的用户创建唯一的<client-key><client-secret>.

I want to create unique <client-key> and <client-secret> for the users who registers themselves for the service.

因此,我正在搜索相同的内容,并提出了以下选项:

So, I was searching for the same and came up with these options:

  • uuid
  • binascii.hexlify(os.urandom(x))
  • random.SystemRandom()

这是一个愚蠢的问题,但是我想知道哪种实现更安全(带有正确的解释)?为什么?和其他相比,使用它有什么优势?

It's a silly question but I want to know that which implementation is more secure to use (with proper explanation)? Why? And what are the advantages of using it over others?

AFAIK, random.SystemRandom() 使用 os.urandom(x) .因此,主要比较 uuid random.SystemRandom() .

AFAIK, random.SystemRandom() uses os.urandom(x). So comparison is mainly between uuid and random.SystemRandom().

这是我到目前为止尝试过的:

Here's what I've tried so far:

1)

import random
temp = random.SystemRandom()
random_seq = ''.join(temp.choice(CHARACTER_SET) for x in range(x))
>>> 'wkdnP3EWxtEQWnB5XhqgNOr5RKL533vO7A40hsin'

2)

import uuid
str(uuid.uuid4())
>>> 'f26155d6-fa3d-4206-8e48-afe15f26048b'

我不确定该解决方案.因此,我们将不胜感激.

I'm not sure about the solution. So, any help would be appreciated.


PS 如果适用于Python 2.x和3.x的任何解决方案都很好.


P.S.It'd be great if any solution is available for both Python 2.x and 3.x.

推荐答案

没有什么区别,所有在Python 3和2中都使用os.urandom.uuid4 通过传入16个随机字节来实例化一个新的UUID对象:

It does not make any difference, all are of them use os.urandom both in Python 3 and 2. uuid4 just instantiates a new UUID object by passing in 16 random bytes to it:

def uuid4():
    """Generate a random UUID."""
    return UUID(bytes=os.urandom(16), version=4)

因此,从如何生成随机性的角度来看,这些没有什么不同.

so from a standpoint of how the randomness is generated, these don't differ.

这篇关于哪个更安全使用? uuid,binascii.hexlify(os.urandom())或random.SystemRandom()吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 14:44