#11729: session key should extract more entropy from time.time()
-------------------------------------+--------------------------------------
 Reporter:  rfk                      |       Owner:  nobody
   Status:  new                      |   Milestone:
Component:  django.contrib.sessions  |     Version:  SVN
 Keywords:                           |       Stage:  Unreviewed
Has_patch:  1                        |
-------------------------------------+--------------------------------------
 The code to construct a new session key calls time.time() to get some
 additional entropy, but uses the "%s" format to mix it in. The default
 precision for "%s" formatting is 2 decimal places, which throws away the
 bits with the highest entropy:

 {{{
 >>> for _ in xrange(5):
 ...     print "%s" % (time.time(),)
 ...
 1250468751.64
 1250468751.64
 1250468751.64
 1250468751.64
 1250468751.64
 }}}

 Attached is a simple patch to make it use "%.20f" instead, which is much
 more convincingly "random":

 {{{
 >>> for _ in xrange(5):
 ...     print "%.20f" % (time.time(),)
 ...
 1250468874.97280406951904296875
 1250468874.97284793853759765625
 1250468874.97286295890808105469
 1250468874.97287893295288085938
 1250468874.97289204597473144531
 }}}

 Cheers,

    Ryan

--
Ticket URL: <http://code.djangoproject.com/ticket/11729>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
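
Added example, not part of the original ticket or of Django's code: it replays the five timestamps printed above through both formats and puts an upper bound on how many bits the fractional part can contribute once the whole second is known. It goes one step past the ticket by also accounting for the resolution of a double; the function names are hypothetical, and Python 2's "%s" is emulated with "%.12g" so the block runs on Python 3.

```python
import math

# The five time.time() values printed in the ticket, reused as sample input.
SAMPLES = [
    1250468874.97280406951904296875,
    1250468874.97284793853759765625,
    1250468874.97286295890808105469,
    1250468874.97287893295288085938,
    1250468874.97289204597473144531,
]


def py2_percent_s(t):
    # Assumption: Python 2's "%s" % float went through str(), which kept
    # 12 significant digits. Python 3 prints the shortest repr instead.
    return "%.12g" % t


def percent_20f(t):
    # The format proposed in the ticket's patch.
    return "%.20f" % t


def distinct(fmt, samples):
    # Number of different strings the format produces for these samples.
    return len({fmt(t) for t in samples})


def fraction_bits_upper_bound(t, decimals):
    # Bits the fractional part can carry when printed with `decimals` places,
    # for an observer who already knows the whole second. Capped by the
    # fractional bits a 53-bit double has left at this magnitude. This is a
    # ceiling: the clock's real resolution can be coarser.
    _, exp = math.frexp(t)
    double_bits = max(53 - exp, 0)
    return min(decimals * math.log2(10), double_bits)


if __name__ == "__main__":
    t = SAMPLES[0]
    print("distinct with %s    :", distinct(py2_percent_s, SAMPLES))
    print("distinct with %.20f :", distinct(percent_20f, SAMPLES))
    print("bits at 2 decimals  : %.2f" % fraction_bits_upper_bound(t, 2))
    print("bits at 20 decimals : %.2f" % fraction_bits_upper_bound(t, 20))
```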