Is that safe to use ramdom.random() for key to encrypt?
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Sun Jun 17 00:18:52 EDT 2012
On Sat, 16 Jun 2012 19:15:34 -0700, Yesterday Paid wrote:
> I'm making cipher program with random.seed(), random.random() as the key
> table of encryption.
> I'm not good at security things and don't know much about the algorithm
> used by random module.
Start by reading the Fine Manual:
http://docs.python.org/library/random.html
which answers your question:
"it is not suitable for all purposes, and is completely
unsuitable for cryptographic purposes."
Please don't write yet another broken cipher program that doesn't work.
Use a proper one that has been mathematically analysed by professionals.
I don't mean to cast aspersions on you, but any fool can write a cipher
program that *they* can't break themselves. It takes many years of study
to design a cipher that professionals can't break.
At the very least, start with PyCrypto.
http://pypi.python.org/pypi/pycrypto
If all you want is to play around obfuscating data, you might be
interested in my toy encryption module:
http://pypi.python.org/pypi/obfuscate/
(which is also completely unsuitable for cryptographic purposes, but may
be useful if you have some interest in the history of cryptography).
> Is it really random or safe enough to keep my data safe?
Safe from what? What is your threat model? Are you worried about your
little sister reading your diary? Or the NSA discovering your plans to
assassinate the President? Or something in between?
Python's random module is not cryptographically strong, which means that
it will probably take an organisation like the NSA, MI5, ASIO, Mossad,
etc. about 10 or 20 minutes to crack your password. But your little
sister will probably take a hundred million years to guess it.
--
Steven
More information about the Python-list
mailing list