What will happen once I generate, say, a million AuthTokens for users (on multiple devices)? Should I be worried about uniqueness down the line?

The line that generates the token in the API is:

    import hmac, uuid
    from hashlib import sha1

    def generate_key(self):
        unique = uuid.uuid4()  # random (version 4) UUID
        return hmac.new(unique.bytes, digestmod=sha1).hexdigest()

It seems as though it's SHA1, so I'm assuming it should be OK, but perhaps I should validate not only the token but perhaps an incoming device id or e-mail?

Any thoughts?

virtuexru
  • If it's a standard implementation of uuid, the chances of a duplicate are pretty slim: [wikipedia](http://en.wikipedia.org/wiki/Universally_unique_identifier#Random_UUID_probability_of_duplicates) – Konstantin Aug 13 '13 at 19:23
  • Yea, it uses uuid4(), which I looked up here (http://docs.python.org/2/library/uuid.html); it's the method to generate a random unique ID. It then takes a 'bytes' version of that (against SHA1) to create the actual token. Thank you for the Wiki link though. Was helpful. – virtuexru Aug 13 '13 at 19:24
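
An added example (not part of the original question or the API's own code) that puts a number on the uniqueness concern: it applies the birthday bound to the 122 random bits of a uuid4 and reproduces the `generate_key` construction from the question. The helper names `collision_probability`, `issue_token` and `first_collision` are hypothetical, and the `set` is an assumed stand-in for a unique token column.

```python
import hmac
import math
import uuid
from hashlib import sha1

# A version-4 UUID fixes 6 of its 128 bits, so the 160-bit HMAC-SHA1
# output carries at most 122 bits of randomness.
UUID4_RANDOM_BITS = 122

def collision_probability(n, bits):
    """Birthday bound: chance that n uniform `bits`-bit values contain a duplicate."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results
    return -math.expm1(-n * (n - 1) / 2.0 ** (bits + 1))

def generate_key():
    """Same construction as the question: HMAC-SHA1 keyed with uuid4 bytes."""
    return hmac.new(uuid.uuid4().bytes, digestmod=sha1).hexdigest()

def issue_token(existing, max_tries=5):
    """Issue a token not already in `existing` (a set standing in for a
    unique column), retrying on the practically impossible duplicate."""
    for _ in range(max_tries):
        token = generate_key()
        if token not in existing:
            existing.add(token)
            return token
    raise RuntimeError("could not issue a unique token")

def first_collision(prefix_hex_chars, limit=1_000_000):
    """Count tokens generated until two share the same truncated prefix."""
    seen = set()
    for i in range(1, limit + 1):
        prefix = generate_key()[:prefix_hex_chars]
        if prefix in seen:
            return i
        seen.add(prefix)
    return None

if __name__ == "__main__":
    n = 1_000_000
    print("P(dup), 1e6 tokens, 122 bits:", collision_probability(n, UUID4_RANDOM_BITS))
    print("P(dup), 1e6 tokens, 32 bits: ", collision_probability(n, 32))
    # Truncating to 4 hex chars (16 bits) shows how fast duplicates appear
    print("first 16-bit prefix collision after", first_collision(4), "tokens")
```

The contrast between the 122-bit and truncated cases shows that uniqueness depends on keeping the full token; a unique constraint on the stored column enforces the same check as `issue_token` at the database level.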
