Is this secure?

mk mrkafk at
Tue Feb 23 15:36:02 CET 2010


I need to generate passwords and I think that pseudo-random generator is 
not good enough, frankly. So I wrote this function:

import struct

def gen_rand_string():
     fileobj = open('/dev/urandom','rb')
     rstr =
     rnum = struct.unpack('L',rstr)[0]
     rstr = '%i' % rnum
     rnuml = []
     while len(rstr) >= 2:
         c = rstr[:2]
             num = int(c)
         except ValueError:
         rstr = rstr[2:]
     rnuml = map(lambda x: 97+x/4, rnuml)
     rnumc = map(chr, rnuml)
     return ''.join(rnumc)

if __name__ == "__main__":
     print gen_rand_string()

(yes I know that this way generated string will not contain 'z' because 
99/4 + 97 = 121 which is 'y')

The question is: is this secure? That is, can the string generated this 
way be considered truly random? (I abstract from not-quite-perfect 
nature of /dev/urandom at the moment; I can always switch to /dev/random 
which is better)


More information about the Python-list mailing list