Python uuid.uuid4是否足够强大，可用于密码重置链接？ [英] Is Python uuid.uuid4 strong enough for password reset links?

问题描述

这是我用来为我的应用程序生成密码重置链接的代码：

This is the code I use to generate a password reset link for my app:

def create_unique_code():
    return str(uuid.uuid4())

足够强大吗？我使用的是一两天的到期时间。

Is that strong enough? I use a one or two day expiry time.

推荐答案

是的，UUID4完全随机且足够长，可以排除暴力破解或幸运的猜测。因此，只要RNG uuid.uuid4（）提供足够好的随机性，您就可以了。

Yes, a UUID4 is fully random and long enough to rule out brute forcing or lucky guesses. So as long as whatever RNG uuid.uuid4() provides sufficiently good randomness you should be fine.

但是，考虑使用例如加密签名的令牌（ itsdangerous 库可以处理该令牌）-不仅可以在生成令牌时指定到期时间，还不必存储有关服务器上令牌的任何信息。

However, consider using e.g. a cryptographically signed token (the itsdangerous lib can take care of it) - not only can you specify an expiry time right when generating it, you also won't necessarily have to store anything about the token on your server.

这篇关于Python uuid.uuid4是否足够强大，可用于密码重置链接？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！