David Lukeš <dafydd.lu...@gmail.com> added the comment:

> A secure `mktemp` could be as simple as ...

Though in practice, I'd rather be inclined to make the change in 
`tempfile._RandomNameSequence`, so as to get the same behavior across the 
entire module, instead of special-casing `mktemp`. As Guido van Rossum points 
out (see 
<https://mail.python.org/pipermail/python-dev/2019-March/156746.html>), that 
would improve the security of all the names generated by the `tempfile` module, 
not just `mktemp`:

> Hm, the random sequence (implemented in tempfile._RandomNameSequence) is
> currently derived from the random module, which is not cryptographically
> secure. Maybe all we need to do is replace its source of randomness with
> one derived from the secrets module. That seems a one-line change.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43604>
_______________________________________
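
The change discussed in this message, as an added example that is not code from the tracker, the mailing list or CPython: a name generator with an injectable randomness source, comparing a seeded `random.Random` with `secrets.SystemRandom`. `NameSequence` and its helper functions are hypothetical names, and the alphabet and length are assumed to mirror what `tempfile` uses.

```python
import math
import random
import secrets

# Alphabet and length mirror CPython's tempfile name fragments (assumption).
CHARACTERS = "abcdefghijklmnopqrstuvwxyz0123456789_"
NAME_LENGTH = 8


class NameSequence:
    """Endless iterator of random name fragments (hypothetical stand-in
    for tempfile._RandomNameSequence, with the RNG injected)."""

    def __init__(self, rng):
        self.rng = rng

    def __iter__(self):
        return self

    def __next__(self):
        return "".join(self.rng.choices(CHARACTERS, k=NAME_LENGTH))


def prng_names(seed):
    # Mersenne Twister: the whole sequence is a function of the seed/state.
    return NameSequence(random.Random(seed))


def csprng_names():
    # secrets.SystemRandom draws from os.urandom; there is no seed to replay.
    return NameSequence(secrets.SystemRandom())


def take(names, count):
    return [next(names) for _ in range(count)]


def name_entropy_bits():
    # Upper bound on unpredictability of one name: 8 * log2(37), about 41.7 bits.
    return NAME_LENGTH * math.log2(len(CHARACTERS))


if __name__ == "__main__":
    print("PRNG, same seed twice:", take(prng_names(7), 2), take(prng_names(7), 2))
    print("CSPRNG, two instances:", take(csprng_names(), 2), take(csprng_names(), 2))
    print("bits per name: %.1f" % name_entropy_bits())
```

Unpredictable names make a path harder to guess in advance, but `mktemp` still returns a name without creating the file, so the caller remains responsible for creating it with exclusive-open semantics.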