
Author vstinner
Recipients amaury.forgeotdarc, eric.araujo, ncoghlan, neologix, pitrou, planet36, python-dev, rhettinger, vstinner
Date 2013-08-13.23:35:48
Message-id <1376436948.93.0.961224995139.issue12015@psf.upfronthosting.co.za>
In-reply-to
Content
With 8 lowercase characters, the entropy is 41.7 bits, whereas it is only 35.9 bits for 6 characters with uppercase and lowercase letters.

>>> math.log(26+26+10+1, 2) * 6   # (a-zA-Z0-9_) x 6
35.8636795409995
>>> math.log(26+10+1, 2) * 6   # (a-z0-9_) x 6
31.256720193773702
>>> math.log(26+10+1, 2) * 8   # (a-z0-9_) x 8
41.6756269250316

My changeset improves the entropy; it is now higher than with the old charset. I don't know if it is enough or not to be safe.

systemd creates a temporary directory per service.

Linux 3.11 will add a new O_TMPFILE flag to open() which allows creating a file with no name. Using the flag should help to work around the race condition attack. See #18673 for O_TMPFILE.
History
Date User Action Args
2013-08-13 23:35:48  vstinner  set  recipients: + vstinner, rhettinger, amaury.forgeotdarc, ncoghlan, pitrou, eric.araujo, neologix, python-dev, planet36
2013-08-13 23:35:48  vstinner  set  messageid: <1376436948.93.0.961224995139.issue12015@psf.upfronthosting.co.za>
2013-08-13 23:35:48  vstinner  link  issue12015 messages
2013-08-13 23:35:48  vstinner  create
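
Added example, not part of the original message and not CPython's tempfile code: it reproduces the entropy figures quoted above and opens a temporary file with O_TMPFILE, falling back to a random 8-character (a-z0-9_) name created with O_EXCL where the kernel or filesystem lacks the flag. The function names name_entropy_bits and open_private_tempfile and the "tmp" prefix are assumptions made for illustration.

```python
import errno
import math
import os
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789_"  # the 37-symbol set from the message


def name_entropy_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random name of the given length."""
    return math.log2(alphabet_size) * length


def open_private_tempfile(directory):
    """Return (fd, method) for a read/write temp file that no path refers to."""
    o_tmpfile = getattr(os, "O_TMPFILE", None)  # Linux >= 3.11, Python >= 3.4
    if o_tmpfile is not None:
        try:
            # No name is ever created, so there is nothing to guess or pre-create.
            fd = os.open(directory, o_tmpfile | os.O_RDWR, 0o600)
            return fd, "O_TMPFILE"
        except OSError as exc:
            # Kernels or filesystems without support report one of these.
            if exc.errno not in (errno.EOPNOTSUPP, errno.EISDIR, errno.EINVAL):
                raise
    # Fallback: a random name. O_EXCL makes open() fail if anything already
    # exists at that path (including a symlink) instead of following it.
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    for _ in range(100):
        name = "tmp" + "".join(secrets.choice(ALPHABET) for _ in range(8))
        path = os.path.join(directory, name)
        try:
            fd = os.open(path, flags, 0o600)
        except FileExistsError:
            continue  # name already taken: pick another one
        os.unlink(path)  # drop the name right away; the descriptor stays valid
        return fd, "O_EXCL"
    raise FileExistsError("no unused temporary name found in " + directory)
```

In the fallback path the name exists only between open() and unlink(), and a collision with an existing entry is refused rather than reused, so the name entropy only affects how many retries are needed.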