Is this secure?

mk mrkafk at gmail.com
Tue Feb 23 09:36:02 EST 2010


Hello,

I need to generate passwords and I think that a pseudo-random generator is 
not good enough, frankly. So I wrote this function:

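import struct

def gen_rand_string():
    # Read 4 bytes from the kernel CSPRNG; 'with' closes the file afterwards.
    with open('/dev/urandom', 'rb') as fileobj:
        rstr = fileobj.read(4)
    # '=L' is always 4 bytes; native 'L' is 8 bytes on 64-bit Linux and
    # would make unpack() fail on a 4-byte read.
    rnum = struct.unpack('=L', rstr)[0]
    rstr = '%i' % rnum
    rnuml = []
    # Split the decimal representation into two-digit numbers (00..99).
    while len(rstr) >= 2:
        c = rstr[:2]
        try:
            num = int(c)
            rnuml.append(num)
        except ValueError:
            pass
        rstr = rstr[2:]
    # Map 0..99 onto 'a'..'y' using integer division.
    rnuml = [97 + x // 4 for x in rnuml]
    rnumc = map(chr, rnuml)
    return ''.join(rnumc)

if __name__ == "__main__":
    print(gen_rand_string())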

(yes, I know that a string generated this way will not contain 'z' because 
99/4 + 97 = 121 which is 'y')

The question is: is this secure? That is, can the string generated this 
way be considered truly random? (I abstract from not-quite-perfect 
nature of /dev/urandom at the moment; I can always switch to /dev/random 
which is better)


Regards,
mk
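
Added example, not part of the original post: it measures how evenly the digit-pair mapping above spreads a uniform 32-bit value over letters, then shows a generator built on Python 3's secrets module for comparison. The function names and the 12-character lowercase policy are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import Counter

MAX32 = 2**32 - 1  # largest value a 4-byte unsigned read can produce

def encode(rnum):
    """Mapping used in the post: decimal digit pairs 00..99 -> 'a'..'y'."""
    digits = '%i' % rnum
    pairs = [int(digits[i:i + 2]) for i in range(0, len(digits) - 1, 2)]
    return ''.join(chr(97 + p // 4) for p in pairs)

def first_letter_counts():
    """Exact number of 32-bit values that yield each first output letter."""
    counts = Counter()
    for ndigits in range(2, 11):          # 1-digit values give an empty string
        scale = 10 ** (ndigits - 2)
        for pair in range(10, 100):       # a leading pair never starts with 0
            lo = pair * scale
            hi = min((pair + 1) * scale - 1, MAX32)
            if lo <= hi:
                counts[chr(97 + pair // 4)] += hi - lo + 1
    return counts

def entropy_bits(counts):
    """Shannon entropy, in bits, of the distribution given by the counts."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def gen_password(length=12, alphabet=string.ascii_lowercase):
    """Uniform choice per character from the OS CSPRNG (assumed policy)."""
    return ''.join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    counts = first_letter_counts()
    print("first-letter entropy: %.2f bits (uniform a-z: %.2f)"
          % (entropy_bits(counts), math.log2(26)))
    print("most likely first letter:", counts.most_common(1))
    print("output space (0-5 letters, 25 symbols): at most %.1f bits"
          % math.log2(sum(25 ** k for k in range(6))))
    print("12 chars from secrets: %.1f bits" % (12 * math.log2(26)))
    print(gen_password())
```

The first letter can never be 'a' or 'b', because the leading digit pair of a decimal number is at least 10, and the letters 'd' through 'j' are each ten times as likely as 'l' through 'y'.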




More information about the Python-list mailing list