Is that safe to use ramdom.random() for key to encrypt?

Steven D'Aprano steve+comp.lang.python at pearwood.info
Sun Jun 17 06:18:52 CEST 2012


On Sat, 16 Jun 2012 19:15:34 -0700, Yesterday Paid wrote:

> I'm making cipher program with random.seed(), random.random() as the key
> table of encryption.
> I'm not good at security things and don't know much about the algorithm
> used by random module.


Start by reading the Fine Manual:

http://docs.python.org/library/random.html

which answers your question:

    "it is not suitable for all purposes, and is completely 
    unsuitable for cryptographic purposes."


Please don't write yet another broken cipher program that doesn't work. 
Use a proper one that has been mathematically analysed by professionals. 
I don't mean to cast aspersions on you, but any fool can write a cipher 
program that *they* can't break themselves. It takes many years of study 
to design a cipher that professionals can't break.

At the very least, start with PyCrypto.

http://pypi.python.org/pypi/pycrypto

If all you want is to play around obfuscating data, you might be 
interested in my toy encryption module:

http://pypi.python.org/pypi/obfuscate/

(which is also completely unsuitable for cryptographic purposes, but may 
be useful if you have some interest in the history of cryptography).



> Is it really random or safe enough to keep my data safe?

Safe from what? What is your threat model? Are you worried about your 
little sister reading your diary? Or the NSA discovering your plans to 
assassinate the President? Or something in between?

Python's random module is not cryptographically strong, which means that 
it will probably take an organisation like the NSA, MI5, ASIO, Mossad, 
etc. about 10 or 20 minutes to crack your password. But your little 
sister will probably take a hundred million years to guess it.


-- 
Steven


More information about the Python-list mailing list