Template language for random string generation

Steven D'Aprano steve+comp.lang.python at pearwood.info
Sun Aug 10 22:22:33 EDT 2014


Devin Jeanpierre wrote:

> On Sun, Aug 10, 2014 at 9:31 AM, Steven D'Aprano
> <steve+comp.lang.python at pearwood.info> wrote:

>> I don't think that using a good, but not cryptographically-strong, random
>> number generator to generate passwords is a serious vulnerability. What's
>> your threat model?
> 
> I've always wanted a password generator that worked on the fly based
> off of a master password. If the passwords are generated randomly but
> not cryptographically securely so, then given sufficiently many
> passwords, the master password might be deduced.

o_O

So, what you're saying is that you're concerned that if an attacker has all
your passwords, they might be able to generate new passwords?


[...]
>>> Someone should write a cryptographically secure pseudorandom number
>>> generator library for Python. :(
>>
>> Here, let me google that for you
> 
> I should clarify that OpenSSL has one (which is what I assume you're
> alluding to), 

No. If you follow the link I provided, I'm sure you will find what you are
after.


> but it doesn't let you choose the seed, so it's useless 
> for deterministic password generation. There are also lots of small
> libraries some person wrote at some time, but that sounds shady. ;)

You mean the opposite to OpenSSL, which was handed down to Mankind from the
Gods? The size of the library doesn't matter, what matters is how well it
implements what crypto standards.




-- 
Steven
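
The deterministic, seed-choosable generation asked for in the quoted text can be built from the standard library alone. The following is an added example, not code from this thread or from any library mentioned in it: it stretches the master password with PBKDF2 and expands the result with HMAC-SHA256 in counter mode. The function name, alphabet, iteration count and sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed password policy: letters and digits only (62 symbols).
ALPHABET = string.ascii_letters + string.digits
ITERATIONS = 200_000  # assumed PBKDF2 work factor, slows guessing of the master


def derive_password(master: str, site: str, length: int = 16, counter: int = 1) -> str:
    """Deterministically derive a per-site password from a master password."""
    # The salt binds the derived key to one site; bump `counter` to rotate.
    salt = f"{site}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)

    # Bytes at or above this threshold are discarded so that every symbol
    # is equally likely (plain `b % 62` would favour the first 8 symbols).
    limit = 256 - (256 % len(ALPHABET))

    out = []
    block = 0
    while len(out) < length:
        # HMAC in counter mode: a keyed byte stream. Unlike a seeded
        # Mersenne Twister (random.Random), its output does not let an
        # observer reconstruct the generator state.
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in stream:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs.
    master = "correct horse battery staple"
    for site in ("example.org", "example.net"):
        print(site, derive_password(master, site))
```
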



