Is that safe to use ramdom.random() for key to encrypt?

Chris Angelico rosuav at
Sun Jun 17 06:48:12 CEST 2012

On Sun, Jun 17, 2012 at 2:18 PM, Steven D'Aprano
<steve+comp.lang.python at> wrote:
> Safe from what? What is your threat model? Are you worried about your
> little sister reading your diary? Or the NSA discovering your plans to
> assassinate the President? Or something in between?
> Python's random module is not cryptographically strong, which means that
> it will probably take an organisation like the NSA, MI5, ASIO, Mossad,
> etc. about 10 or 20 minutes to crack your password. But your little
> sister will probably take a hundred million years to guess it.

Your little sister would quite possibly be kept off by rot13, which
everyone knows isn't cryptographically secure. All it takes is making
something look encrypted and most people won't bother to try (plus
it's the whole "this isn't public kthx" thing, which many people will

Of course, if you're just trying to fool the BOFH's technical manager,
it's even easier.


More information about the Python-list mailing list