I usually go with just: uuid.uuid4().hex
I'm not 100% sure whether it uses /dev/urandom, or something GAE- specific. I'm fairly confident it doesn't rely on the Mersenne Twister though. On Apr 3, 7:21 pm, Ulrich <[email protected]> wrote: > Or is it better to use something like: > random = random.SystemRandom() > because it does not use the Mersenne Twister? > > -Ulrich > > > > Ulrich wrote: > > Hi, > > > I have a short question on a security aspect. To generate something > > like a session ID or other random strings that need to be secure and > > unpredictable, I would use a code like this one: > > > # start of the script (will be called 1 time when instance is loaded?) > > import os > > import random > > import string > > random.seed(os.urandom(24)) > > > # later in the code > > class Test(webapp.RequestHandler): > > def get(self): > > topsecret = > > u''.join([random.choice(string.digits+string.uppercase+string.lowercase > > ) for c in range(16)]) > > > Is this secure? Or is topsecret predictable if you know previous > > values of topsecret that were generated by the same instance? > > > -Ulrich -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
