Is that safe to use ramdom.random() for key to encrypt?

Chris Angelico rosuav at gmail.com
Sun Jun 17 06:48:12 CEST 2012


On Sun, Jun 17, 2012 at 2:18 PM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> Safe from what? What is your threat model? Are you worried about your
> little sister reading your diary? Or the NSA discovering your plans to
> assassinate the President? Or something in between?
>
> Python's random module is not cryptographically strong, which means that
> it will probably take an organisation like the NSA, MI5, ASIO, Mossad,
> etc. about 10 or 20 minutes to crack your password. But your little
> sister will probably take a hundred million years to guess it.

Your little sister would quite possibly be kept off by rot13, which
everyone knows isn't cryptographically secure. All it takes is making
something look encrypted and most people won't bother to try (plus
it's the whole "this isn't public kthx" thing, which many people will
respect).

Of course, if you're just trying to fool the BOFH's technical manager,
it's even easier.

http://bofh.ch/newbofh/bofh4oct.html

ChrisA


More information about the Python-list mailing list