STINNER Victor added the comment: With 8 lowercase characters, the entropy is 41.7 bits, whereas it is only 35.9 bits for 6 characters with uppercase and lowercase letters.
>>> math.log(26+26+10+1, 2) * 6 # (a-zA-Z0-9_) x 6 35.8636795409995 >>> math.log(26+10+1, 2) * 6 # (a-z0-9_) x 6 31.256720193773702 >>> math.log(26+10+1, 2) * 8 # (a-z0-9_) x 8 41.6756269250316 My changeset improves the entropy, it is now higher than with the old charset. I don't know if it is enough or not to be safe. systemd creates a temporary directory per service. Linux 3.11 will add a new O_TMPFILE to open() which allow to create a file with no name. Using the flag should help to workaround the race condition attack. See #18673 for O_TMPFILE. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue12015> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
