core.crypto.token¶
Attributes¶
Functions¶

Generates an unguessable token. Generates a random string with 

A random token that is only created once per boot of the host 
Module Contents¶
 core.crypto.token.random_token(nbytes: int = 512) str [source]¶
Generates an unguessable token. Generates a random string with the given number of bytes (may not be lower than 512) and hashes the result to get a token with a consistent length of 64.
Why hashing?
We could of course just create a random token with a length of 64, but that would leak the random numbers we actually create. This can be a bit of a problem if the random generator you use turns out to have some vulnerability. By hashing a larger number we hide the result of our random generator.
Doesn’t generating a hash from a larger number limit the number of tokens?
Yes it does. The number of different tokens is 2^256 after hashing, which is a number larger than all the atoms on earth (approx. 2^166). So there is a chance of a collision occuring, but it is very unlikely to ever happen.
More information:
https://wyattbaldwin.com/2014/01/09/generatingrandomtokensinpython