
Is a hashed uuid4 a good CSRF token?

Is this a good csrf token? Does it have enough entropy, or are there parts that are easily guessable and could reduce the entropy, like the time of the request?

An example Python implementation would be:

import hashlib, uuid
token = hashlib.sha256(str(uuid.uuid4()).encode()).hexdigest()  # sha256 needs bytes on Python 3
asked Oct 28 '25 23:10

bigblind


1 Answer

uuid v4 has 122 random bits (of a possible 128) so, yes, it should be fine as a CSRF token.

(BTW, does hashing this accomplish anything? It's not really doing much other than shuffling random bits around.)

answered Oct 31 '25 01:10

broofa
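
An added example, not code from the question or the answer: it measures how many bits of a uuid4 actually vary, and shows that the SHA-256 step maps each UUID to exactly one token, so it cannot raise the number of possible tokens. The names `varying_bits`, `hashed_uuid4_token`, `new_csrf_token` and `tokens_match` are assumptions of this sketch, and it goes slightly beyond the question by showing the standard-library `secrets` generator and a constant-time comparison.

```python
import hashlib
import hmac
import secrets
import uuid


def varying_bits(values):
    """Return a bitmask of the positions that differ across the given integers."""
    mask = 0
    for v in values[1:]:
        mask |= v ^ values[0]
    return mask


def hashed_uuid4_token(u):
    """The question's construction: SHA-256 over the UUID's text form."""
    return hashlib.sha256(str(u).encode("ascii")).hexdigest()


def new_csrf_token():
    """Stdlib alternative (an assumption of this example): 256 CSPRNG bits."""
    return secrets.token_hex(32)


def tokens_match(session_token, submitted_token):
    """Compare the stored and the submitted token in constant time."""
    return hmac.compare_digest(session_token.encode(), submitted_token.encode())


if __name__ == "__main__":
    samples = [uuid.uuid4() for _ in range(2000)]  # constructed sample set
    mask = varying_bits([u.int for u in samples])
    print("random bits in uuid4:", bin(mask).count("1"))
    # The version nibble and the two variant bits never change.
    print("fixed bit positions :", [i for i in range(128) if not mask >> i & 1])

    # Hashing is deterministic: one UUID in, one token out, so the token
    # space is no larger than the UUID space it was derived from.
    u = samples[0]
    print("same uuid, same token:", hashed_uuid4_token(u) == hashed_uuid4_token(u))

    t = new_csrf_token()
    print("valid:", tokens_match(t, t), "forged:", tokens_match(t, new_csrf_token()))
```
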


