Is this secure?

mk mrkafk at gmail.com
Tue Feb 23 15:36:02 CET 2010


Hello,

I need to generate passwords and I think that pseudo-random generator is 
not good enough, frankly. So I wrote this function:

import struct

def gen_rand_string():
     fileobj = open('/dev/urandom','rb')
     rstr = fileobj.read(4)
     rnum = struct.unpack('L',rstr)[0]
     rstr = '%i' % rnum
     rnuml = []
     while len(rstr) >= 2:
         c = rstr[:2]
         try:
             num = int(c)
             rnuml.append(num)
         except ValueError:
             pass
         rstr = rstr[2:]
     rnuml = map(lambda x: 97+x/4, rnuml)
     rnumc = map(chr, rnuml)
     return ''.join(rnumc)

if __name__ == "__main__":
     print gen_rand_string()

(yes I know that this way generated string will not contain 'z' because 
99/4 + 97 = 121 which is 'y')

The question is: is this secure? That is, can the string generated this 
way be considered truly random? (I abstract from not-quite-perfect 
nature of /dev/urandom at the moment; I can always switch to /dev/random 
which is better)


Regards,
mk




More information about the Python-list mailing list