Is that safe to use ramdom.random() for key to encrypt?
rosuav at gmail.com
Sun Jun 17 06:48:12 CEST 2012
On Sun, Jun 17, 2012 at 2:18 PM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> Safe from what? What is your threat model? Are you worried about your
> little sister reading your diary? Or the NSA discovering your plans to
> assassinate the President? Or something in between?
> Python's random module is not cryptographically strong, which means that
> it will probably take an organisation like the NSA, MI5, ASIO, Mossad,
> etc. about 10 or 20 minutes to crack your password. But your little
> sister will probably take a hundred million years to guess it.
Your little sister would quite possibly be kept off by rot13, which
everyone knows isn't cryptographically secure. All it takes is making
something look encrypted and most people won't bother to try (plus
it's the whole "this isn't public kthx" thing, which many people will
Of course, if you're just trying to fool the BOFH's technical manager,
it's even easier.
More information about the Python-list