Answers to Is Python uuid.uuid4 strong enough for pw reset links? ( 1 )

  1. 2017-01-06 13:01

    Yes, a UUID4 is fully random and long enough to rule out brute forcing or lucky guesses. So as long as whatever RNG uuid.uuid4() uses provides sufficiently good randomness, you should be fine.

    However, consider using e.g. a cryptographically signed token (the itsdangerous lib can take care of it) - not only can you specify an expiry time right when generating it, you also won't necessarily have to store anything about the token on your server.
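
A standard-library sketch of the signed, expiring token idea from the answer above, added here as an example (it is not the answerer's code and does not use the itsdangerous API). `SECRET_KEY`, `MAX_AGE`, the function names and the binding to the stored password hash are assumptions of this example; the binding goes beyond the answer and makes a token stop working once the password has been changed.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: loaded from server config in practice
MAX_AGE = 3600  # assumed policy: link valid for one hour


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(payload, pw_hash):
    # Mixing in the stored password hash makes the token single-use:
    # once the password changes, the MAC no longer verifies.
    msg = (payload + "." + pw_hash).encode()
    return _b64(hmac.new(SECRET_KEY, msg, hashlib.sha256).digest())


def make_reset_token(user_id, pw_hash, now=None):
    issued = int(time.time()) if now is None else int(now)
    payload = _b64(user_id.encode()) + "." + str(issued)
    return payload + "." + _mac(payload, pw_hash)


def verify_reset_token(token, lookup_pw_hash, now=None):
    """Return the user id for an authentic, unexpired token, else None."""
    now = int(time.time()) if now is None else int(now)
    try:
        uid_b64, issued_s, sig = token.split(".")
        pad = "=" * (-len(uid_b64) % 4)
        user_id = base64.urlsafe_b64decode(uid_b64 + pad).decode()
        issued = int(issued_s)
    except ValueError:  # wrong field count, bad base64, bad UTF-8, bad int
        return None
    pw_hash = lookup_pw_hash(user_id)
    if pw_hash is None:
        return None
    expected = _mac(uid_b64 + "." + issued_s, pw_hash)
    # Constant-time comparison; check the MAC before trusting the timestamp.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not 0 <= now - issued <= MAX_AGE:
        return None
    return user_id
```

`lookup_pw_hash` is a hypothetical callback that returns the stored password hash for a user id, or `None` for an unknown user.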
