On Tue, Mar 13, 2018 at 2:10 AM, Antoine Pitrou <solip...@pitrou.net> wrote:
> On Tue, 13 Mar 2018 01:10:33 +1100
> Chris Angelico <ros...@gmail.com> wrote:
>> On Tue, Mar 13, 2018 at 1:04 AM, Antoine Pitrou <solip...@pitrou.net> wrote:
>> > (I'm not sure what "smaller QR code" means. Given a QR code is
>> > basically a computer analysis-friendly glyph that you show your phone
>> > or other device to perform pattern recognition on, why does it matter
>> > whether the QR code is "small" or not?)
>>
>> A QR code encoding more data requires finer resolution at the same
>> size. That means the camera needs to be closer to it, all else being
>> equal.
>
> Is that important here?  I would expect the user to be (physically)
> close to the QR code.  It's not like a QR code containing secret
> credentials will be posted on a wall in a random street or subway
> station (at least I hope so :-)).

Depends what you mean by "secret". Let's suppose you host a video
sharing site (we'll call it, say, "me tube") and need to create URLs
for videos as they get uploaded. These URLs should be impossible to
predict, but easy to share. How long do they need to be? If they're
encoded using token_urlsafe (base 64), you get six bits of randomness
per character of URL; the default entropy looks like
http://metube.example/SoO8IclkLFcfPX2pA7okFHdoSrZjKtrAmDdmFvC2O6Y
which is going to make a large and complicated QR code that you have
to be very close to. But you don't really need these to be THAT
secure. It'd be fine to use token_urlsafe(16) to make something like
http://metube.example/9IoJVtQrhic4Xi633mJ7MQ; and our nearest
competitor uses even shorter URLs like http://youtu.be/B7xai5u_tnk
(about equivalent to token_urlsafe(9)). Let's look at those URLs:

32: http://metube.example/SoO8IclkLFcfPX2pA7okFHdoSrZjKtrAmDdmFvC2O6Y
16: http://metube.example/9IoJVtQrhic4Xi633mJ7MQ
09: http://metube.example/ziCHRKMlr8rX
YT: http://youtu.be/B7xai5u_tnk

Using the 'secrets' module to generate URLs like this isn't wrong;
since these URLs have to be unguessable (you shouldn't be able to type
http://metube.example/aaaaac and get someone's secret unlisted video),
their identifiers have to be functionally equivalent to session IDs
and such. And since advertisers *do* want to put links to their videos
onto billboards, QR codes are definitely a thing; and companies won't
use metube if its competitor's QR codes can be scanned reliably from
two platforms across and ours need to be scanned from right up next to
it.

As you can see from this analysis, the boundary for "good enough" is
incredibly rubbery, but there is definitely value in making shorter
URLs.

32: https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fmetube.example%2FSoO8IclkLFcfPX2pA7okFHdoSrZjKtrAmDdmFvC2O6Y&chs=180x180&choe=UTF-8&chld=L|2
16: https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fmetube.example%2F9IoJVtQrhic4Xi633mJ7MQ&chs=180x180&choe=UTF-8&chld=L|2
09: https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fmetube.example%2FziCHRKMlr8rX&chs=180x180&choe=UTF-8&chld=L|2
(and YT: https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fyoutu.be%2FB7xai5u_tnk&chs=180x180&choe=UTF-8&chld=L|2 for comparison)

The longer the URL, the noisier the image, and thus the nearer you
need to be for a reliable scan.

ChrisA
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
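
The trade-off discussed in the message above, as an added example that is not part of the original post: it computes, for each token_urlsafe size, the entropy, the URL length, and the smallest QR symbol that holds the URL, plus an upper bound on an enumeration attempt succeeding. It assumes byte-mode QR encoding at error-correction level L (the `chld=L` setting in the chart URLs); the helper names and the token/guess counts are hypothetical.

```python
import secrets

# QR byte-mode capacity in bytes at error-correction level L, versions 1-10.
QR_L_BYTE_CAPACITY = [17, 32, 53, 78, 106, 134, 154, 192, 230, 271]


def qr_version(payload: str) -> int:
    """Smallest QR version (1-10) that holds payload in byte mode at level L."""
    size = len(payload.encode("utf-8"))
    for version, capacity in enumerate(QR_L_BYTE_CAPACITY, start=1):
        if size <= capacity:
            return version
    raise ValueError("payload needs a QR version above 10")


def modules_per_side(version: int) -> int:
    """A version-v QR symbol is (17 + 4v) modules wide; more modules = finer grid."""
    return 17 + 4 * version


def describe(base: str, nbytes: int) -> dict:
    """Generate one URL with an nbytes-byte token and report its size costs."""
    token = secrets.token_urlsafe(nbytes)  # 8*nbytes random bits, ~6 bits per char
    url = base + token
    version = qr_version(url)
    return {
        "entropy_bits": 8 * nbytes,
        "token_chars": len(token),
        "url_chars": len(url),
        "qr_version": version,
        "modules": modules_per_side(version),
    }


def guess_success_bound(nbytes: int, live_tokens: int, guesses: int) -> float:
    """Union-bound upper limit on P(any of `guesses` random tries hits a live token)."""
    return min(1.0, guesses * live_tokens / 2 ** (8 * nbytes))


if __name__ == "__main__":
    for n in (32, 16, 9):
        print(n, describe("http://metube.example/", n))
    # Constructed sizing figures: 10**9 live videos, 10**12 attacker guesses.
    for n in (32, 16, 9):
        print(n, guess_success_bound(n, 10**9, 10**12))
```

With these constructed figures the 9-byte token leaves a non-negligible bound on a successful guess, while the 16-byte token fits the same QR version with a negligible one.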
