Template language for random string generation
Devin Jeanpierre
jeanpierreda at gmail.com
Sun Aug 10 14:28:39 EDT 2014
On Sun, Aug 10, 2014 at 9:31 AM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
>> (I've been working on this kind of thing with regexps, but it's still
>> incomplete.)
>>
>>> * Uses SystemRandom class (if available, or falls back to Random)
>>
>> This sounds cryptographically weak. Isn't the normal thing to do to
>> use a cryptographic hash function to generate a pseudorandom sequence?
>
> I don't think that using a good, but not cryptographically-strong, random
> number generator to generate passwords is a serious vulnerability. What's
> your threat model?
I've always wanted a password generator that worked on the fly based
off of a master password. If the passwords are generated randomly but
not cryptographically securely so, then given sufficiently many
passwords, the master password might be deduced. CSPRNGs guarantee
otherwise.
>> Someone should write a cryptographically secure pseudorandom number
>> generator library for Python. :(
>
> Here, let me google that for you
I should clarify that OpenSSL has one (which is what I assume you're
alluding to), but it doesn't let you choose the seed, so it's useless
for deterministic password generation. There are also lots of small
libraries some person wrote at some time, but that sounds shady. ;)
-- Devin
More information about the Python-list
mailing list