I think this must be a stupid question, but why do the results of urlsafe_b64encode() always end with a '=' for me? '=' isn't url safe?
from random import getrandbits
from base64 import urlsafe_b64encode
from hashlib import sha256
from time import sleep
def genKey():
keyLenBits = 64
a = str(getrandbits(keyLenBits))
b = urlsafe_b64encode(sha256(a).digest())
print b
while 1:
genKey()
sleep(1)
output :
DxFOVxWvvzGdOSh2ARkK-2XPXNavnpiCkD6RuKLffvA=
xvA99ZLBrLvtf9-k0-YUFcLsiKl8Q8KmkD7ahIqPZ5Y=
jYbNK7j62KCBA5gnoiSpM2AGOPxmyQTIJIl_wWdOwoY=
CPIKkXPfIX4bd8lQtUj1dYG3ZOBxmZTMkVpmR7Uvu4s=
HlTs0tBW805gaxfMrq3OPOa6Crg7MsLSLnqe-eX0JEA=
FKRu0ePZEppHsvACWYssL1b2uZhjy9UU5LI8sWIqHe8=
aY_kVaT8kjB4RRfp3S6xG2vJaL0vAwQPifsBcN1LYvo=
6Us3XsewqnEcovMb5EEPtf4Fp4ucWfjPVso-UkRuaRc=
_vAI943yOWs3t2F6suUGy47LJjQsgi_XLiMKhYZnm9M=
CcUSXVqPNT_eb8VXasFXhvNosPOWQQWjGlipQp_68aY=
-
Base64 uses '=' for padding. Your string bit length isn't divisible by 24, so it's padded with '='. By the way, '=' should be URL safe as it's often used for parameters in URLs.
See this discussion, too.
Tomalak : You mean "divisible by 4".Ant P. : No, divisible by 24, i.e. 3 input bytes per 4 out.Tomalak : Oh, you said "the *bit* length". Then you are right of course. But since when does Base64 operate on bits? -
The '=' is for padding. If you want to pass the output as the value of a URL parameter, you'll want to escape it first, so that the padding doesn't get lost when later reading in the value.
import urllib param_value = urllib.quote_plus(b64_data)Python is just following RFC3548 by allowing the '=' for padding, even though it seems like a more suitable character should replace it.
-
I would expect that an URI parser would ignore a "=" in the value part of a parameter.
The URI parameters are: "&" , [name], "=", [value], next, so an equals sign in the value part is harmless. An unescaped ampersand has more potential to break the parser.
0 comments:
Post a Comment