Is that safe to use ramdom.random() for key to encrypt?
Jon Clements
joncle at googlemail.com
Sat Jun 16 23:12:20 EDT 2012
On Sun, 17 Jun 2012 12:31:04 +1000, Chris Angelico wrote:
> On Sun, Jun 17, 2012 at 12:15 PM, Yesterday Paid
> <howmuchistoday at gmail.com> wrote:
>> I'm making cipher program with random.seed(), random.random() as the
>> key table of encryption.
>> I'm not good at security things and don't know much about the algorithm
>> used by random module.
>
> For security, you don't want any algorithm, you want something like
> /dev/random (on Unix-like platforms).
>
> I'm pretty sure Python includes crypto facilities. Unless it (most
> oddly) lacks these batteries, I would recommend using one of them
> instead.
>
> ChrisA
Cryptography is a complex subject - I've had the (mis)fortune to study it
briefly.
Whatever you do - *do not* attempt to write your own algorithm.
Python includes hashlib (forms of SHA and MD5) and uuid modules, but I
take it a symmetric or possibly public/private key system is required -
depending on what you want to secure, where it's stored and who needs
access.
I generally find a separate partition with an encrypted file-system
(which is fairly straight forward on *nix systems or I think there's a
product out there that works with Windows), is a lot easier and puts the
load on the filesystem/OS instead of having to be handled in your
application is a lot simpler.
Jon
More information about the Python-list
mailing list