[Python-Dev] Remove tempfile.mktemp() (original) (raw)

Anders Munch ajm at flonidan.dk
Wed Mar 20 07:25:03 EDT 2019

• Previous message (by thread): [Python-Dev] Remove tempfile.mktemp()
• Next message (by thread): [Python-Dev] Remove tempfile.mktemp()
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nathaniel J. Smith:

Historically, mktemp variants have caused tons of serious security vulnerabilities. It's not a theoretical issue.

All the more reason to have a standard library function that gets it right.

The choice of ENTROPYBYTES is an interesting question. 16 (= 128 bits) would be a nice "obviously safe" number, and gives 22-byte filenames. We might be able to get away with fewer, if we had a plausible cost model for the attack. This is another point where a security specialist might be helpful :-).

I'm not a security specialist but I play one on TV. Here's my take on it.

Any kind of brute force attack will require at least one syscall per try, to create a file or check if a file by a given name exists. It's a safe assumption that names have to be tried individually, because if the attacker has a faster way of enumerating existing file names, then the entropy of the filename is worthless anyway.

That means even with only 41 bits of entry, the attacker will have make 2^40 tries on average. For an individual short-lived file, that could be enough; even with a billion syscalls per second, that's over a thousand seconds, leaving plenty of time to initiate whatever writes the file.

However, there could be applications where the window of attack is very long, hours or days even, or that are constantly writing new temporary files, and where the attacker can keep trying at a rapid pace, and then 41 bits is definitely not secure.

128 bits seems like overkill: There's no birthday attack because no-one keeps 2^(ENTROPY_BITS/2) files around, and the attack is running on the attackee's system, so there's no using specialised accelerator hardware. I'd say 64 bits is enough under those circumstances, but I wouldn't be surprised if a better security specialist could make a case for more. So maybe go with 80 bits, that's puts it at 15 or 16 characters.

Med venlig hilsen/Best regards

Anders Munch Chief Security Architect

T: +45 76266981 * M: +45 51856626 ajm at flonidan.dk * www.flonidan.com FLONIDAN A/S * Islandsvej 29 * DK-8700 Horsens * CVR: 89919916
Winner of the 2018 Frost & Sullivan Customer Leadership Award

• Previous message (by thread): [Python-Dev] Remove tempfile.mktemp()
• Next message (by thread): [Python-Dev] Remove tempfile.mktemp()
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list