[Python-ideas] Python's Source of Randomness and the random.py module Redux
Steven D'Aprano
steve at pearwood.info
Thu Sep 10 05:46:08 CEST 2015
On Wed, Sep 09, 2015 at 08:01:16PM -0400, Donald Stufft wrote:
[...]
> Looking on google, the first result for "python random password" is
> StackOverflow which suggests:
>
> ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(N))
>
> However, it was later edited to, after that, include:
>
> ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(N))
You're worried about attacks on the random number generator that
produces the characters in the password? I think I'm going to have to
see an attack before I believe that this is meaningful.
Excluding PRNGs that are hopelessly biased ("nine, nine, nine, nine...")
or predictable, how does knowing the PRNG help in an attack? Here's a
password I just generated using your "corrected" version using
SystemRandom:
06XW0X0X
(Honest, that's exactly what I got on my first try.)
Here's one I generated using the "bad" code snippet:
V6CFKCF2
How can you tell them apart, or attack one but not the other based on
the PRNG?
> So it wasn't obvious to the person who answered that question that the random
> module's module scoped functions were not appropiate for this use. It appears
> that the original answer lasted for roughly 4 years before it was corrected,
Shouldn't it be using a single instance of SystemRandom rather than a
new instance for each call?
[...]
> According to Theo, modern userland CSPRNGs can create random bytes faster than
> memcpy
That is an astonishing claim, and I'd want to see evidence for it before
accepting it.
--
Steve
More information about the Python-ideas
mailing list