Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #75998

Re: Template language for random string generation

References <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> <mailman.12817.1407674628.18130.python-list@python.org> <53e79e46$0$29967$c3e8da3$5496439d@news.astraweb.com>
From Devin Jeanpierre <jeanpierreda@gmail.com>
Date 2014-08-10 11:28 -0700
Subject Re: Template language for random string generation
Newsgroups comp.lang.python
Message-ID <mailman.12823.1407696946.18130.python-list@python.org> (permalink)

Show all headers | View raw

On Sun, Aug 10, 2014 at 9:31 AM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
>> (I've been working on this kind of thing with regexps, but it's still
>> incomplete.)
>>
>>> * Uses SystemRandom class (if available, or falls back to Random)
>>
>> This sounds cryptographically weak. Isn't the normal thing to do to
>> use a cryptographic hash function to generate a pseudorandom sequence?
>
> I don't think that using a good, but not cryptographically-strong, random
> number generator to generate passwords is a serious vulnerability. What's
> your threat model?

I've always wanted a password generator that worked on the fly based
off of a master password. If the passwords are generated randomly but
not cryptographically securely so, then given sufficiently many
passwords, the master password might be deduced. CSPRNGs guarantee
otherwise.

>> Someone should write a cryptographically secure pseudorandom number
>> generator library for Python. :(
>
> Here, let me google that for you

I should clarify that OpenSSL has one (which is what I assume you're
alluding to), but it doesn't let you choose the seed, so it's useless
for deterministic password generation. There are also lots of small
libraries some person wrote at some time, but that sounds shady. ;)

-- Devin

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 02:01 -0700
  Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-08 19:22 +1000
    Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 02:42 -0700
      Re: Template language for random string generation Ned Batchelder <ned@nedbatchelder.com> - 2014-08-08 07:20 -0400
        Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 06:02 -0700
      Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-08 21:29 +1000
        Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 06:03 -0700
  Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-09 00:08 +1000
  Re: Template language for random string generation Skip Montanaro <skip@pobox.com> - 2014-08-08 09:35 -0500
    Re: Template language for random string generation cwolf.algo@gmail.com - 2014-08-08 11:43 -0700
      Re: Template language for random string generation Nick Cash <nick.cash@npcinternational.com> - 2014-08-08 20:28 +0000
  Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-08 16:03 -0600
    Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 23:52 -0700
      Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-09 01:49 -0600
      Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-09 01:57 -0600
  Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 05:43 -0700
    Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-11 02:31 +1000
      Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 11:28 -0700
        Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-11 12:22 +1000
          Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-11 12:31 +1000
          Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-11 00:01 -0700
      Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-11 05:25 +1000
      Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 22:06 -0700
        Re: Template language for random string generation Mark Lawrence <breamoreboy@yahoo.co.uk> - 2014-08-11 08:58 +0100
    Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 09:34 -0700
      Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-10 10:47 -0600
        Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 21:56 -0700
      Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 11:48 -0700
  Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-10 10:38 -0600

csiph-web