Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is this a good csrf token? Does it have enough entropy, or are there parts that are easily guessable and could reduce the entropy, like the time of the request?
An example python implementation would b
token = hashlib.sha256(str(uuid.uuid4())).hexdigest()
uuid v4 has 122 random bits (of a possible 128) so, yes, it should be fine as a CSRF token.
(BTW, does hashing this accomplish anything? It’s not really doing much other than shuffling random bits around.)