#9687: Use more randomness in secret key generation
-----------------------------------------+----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: closed | Milestone:
Component: Core framework | Version: 1.0
Resolution: wontfix | Keywords: SECRET_KEY random
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-----------------------------------------+----------------------------------
Comment (by mtredinnick):
Perhaps you could leave the passive-aggressive attitude and ad hominem
attachs at home next time. I'm grateful you looked at this and posted a
patch, but that doesn't make it a slam dunk. Your assertion about our
understanding isn't correct, primarily because we're not using MD5 hashing
for cryptographic purposes (we're using the uniform hashing properties).
For example, #1180 is an example of why PRNG handling has to be done
carefully and it was a bug that was fixed carefully.
If you have an actual technical problem with this being closed, feel free
to raise it in the appropriate way. I closed this because it doesn't
significantly increase the security of the system. The current key length
is already long enough to cover the space of generated MD5 digests twice
over (and using a reduced alphabet makes the unlikely event of generating
a false pre-image less likely). Changing code just because we can is never
a goal in software.
I'm sorry you feel your patch was unfairly rejected, but it's not because
of the reasons you mention and you're being unfair to myself and others.
--
Ticket URL: <http://code.djangoproject.com/ticket/9687#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---