Is this a good CSRF token? Does it have enough entropy, or are there parts that are easily guessable and could reduce the entropy, like the time of the request?

An example Python implementation would be:

import hashlib
import uuid

# SHA-256 of the UUID's string form; the .encode() is required on Python 3,
# where hashlib only accepts bytes
token = hashlib.sha256(str(uuid.uuid4()).encode()).hexdigest()

Solution

uuid v4 has 122 random bits (of a possible 128) so, yes, it should be fine as a CSRF token.

(BTW, does hashing this accomplish anything? It's not really doing much other than shuffling random bits around.)

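The answer's two points, that a UUID v4 carries 122 random bits because RFC 4122 fixes the other 6 (a 4-bit version nibble and 2 variant bits), and that hashing a random value does not add entropy, can be checked directly. The following is an added example and is not code from either poster; it measures the fixed bits empirically and shows the idiom a practitioner would use today instead of the hash-of-UUID construction: `secrets.token_urlsafe` for generation and `hmac.compare_digest` for a constant-time check. The function names are this example's own.

```python
import hmac
import secrets
import uuid

UUID_MASK = (1 << 128) - 1


def uuid4_fixed_bits(samples: int = 2000) -> int:
    """Count the bits of a UUID v4 that never vary across many samples.

    RFC 4122 pins the version nibble (bits 76-79, value 0b0100) and the
    variant bits (bits 62-63, value 0b10); everything else comes from the
    CSPRNG. A random bit has probability 2 * 2**-samples of being constant
    across all samples, so with 2000 samples only the pinned bits remain.
    """
    always_one = UUID_MASK   # bits that were 1 in every sample so far
    always_zero = UUID_MASK  # bits that were 0 in every sample so far
    for _ in range(samples):
        v = uuid.uuid4().int
        always_one &= v
        always_zero &= ~v & UUID_MASK
    return bin(always_one | always_zero).count("1")


def uuid4_entropy_bits() -> int:
    """Random bits per UUID v4: 128 minus the bits RFC 4122 pins (expected 122)."""
    return 128 - uuid4_fixed_bits()


def hashed_uuid_entropy_bits() -> int:
    """Entropy of sha256(str(uuid4())).

    SHA-256 is a deterministic function of its input, so its output can take
    at most as many distinct values as the input: the 64 hex characters still
    encode no more than 122 bits of unpredictability. The hash neither helps
    nor (given a real CSPRNG behind uuid4) hurts.
    """
    return min(256, uuid4_entropy_bits())


def new_csrf_token() -> str:
    """Generate a CSRF token: 32 CSPRNG bytes (256 bits), URL-safe base64, no hashing."""
    return secrets.token_urlsafe(32)


def verify_csrf_token(session_token: str, submitted: str) -> bool:
    """Compare the token stored in the session with the one from the form.

    hmac.compare_digest runs in time independent of where the strings first
    differ, so an attacker cannot recover the token byte by byte via timing.
    """
    return hmac.compare_digest(session_token.encode(), submitted.encode())


if __name__ == "__main__":
    print("fixed bits in uuid4:", uuid4_fixed_bits())
    print("entropy of sha256(uuid4):", hashed_uuid_entropy_bits(), "bits")
    tok = new_csrf_token()
    print("token:", tok, "valid:", verify_csrf_token(tok, tok))
```

The measurement confirms the answer's figure (6 fixed bits, 122 random), and the generation function sidesteps the question entirely: drawing 32 bytes straight from the CSPRNG gives a 256-bit token without a hash step to reason about. The timing-safe compare is the part most hand-rolled CSRF checks forget.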
Licensed under: CC-BY-SA with attribution