core.crypto.token
Attributes
- A random token that is only created once per boot of the host
Functions
- random_token: Generates an unguessable token.
Module Contents
- core.crypto.token.random_token(nbytes: int = 512) -> str
Generates an unguessable token. Generates a random string with the given number of bytes (may not be lower than 512) and hashes the result to get a token with a consistent length of 64.
Why hashing?
We could of course just create a random token with a length of 64, but that would leak the random numbers we actually create. This can be a bit of a problem if the random generator you use turns out to have some vulnerability. By hashing a larger number we hide the result of our random generator.
Doesn’t generating a hash from a larger number limit the number of tokens?
Yes, it does. The number of different tokens is 2^256 after hashing, which is a number larger than all the atoms on Earth (approx. 2^166). So there is a chance of a collision occurring, but it is very unlikely to ever happen.
More information:
https://wyattbaldwin.com/2014/01/09/generating-random-tokens-in-python
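A minimal sketch of the scheme described above, added here as an example and not the project's own source: draw at least 512 bytes from the OS CSPRNG, return only their hash, and compare tokens in constant time when checking them. The names `random_token_sketch` and `tokens_match`, the choice of SHA-256 (consistent with the length of 64 and the 2^256 figure above), and raising `ValueError` below 512 bytes are assumptions.

```python
import hashlib
import hmac
import secrets

MIN_NBYTES = 512  # lower bound stated in the documentation above


def random_token_sketch(nbytes: int = MIN_NBYTES) -> str:
    """Hypothetical re-implementation of the documented behaviour."""
    if nbytes < MIN_NBYTES:
        # Assumption: requests below the minimum are rejected, not clamped.
        raise ValueError(f"nbytes must be at least {MIN_NBYTES}")
    # Raw CSPRNG output; it is hashed and never handed to the caller.
    raw = secrets.token_bytes(nbytes)
    # Assumption: SHA-256, whose hex digest is always 64 characters.
    return hashlib.sha256(raw).hexdigest()


def tokens_match(expected: str, presented: str) -> bool:
    """Constant-time comparison, so response timing does not reveal
    how many leading characters of a guessed token were correct."""
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    token = random_token_sketch()
    print(len(token), tokens_match(token, token))
```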