英文:
Is this code capable of generating Cryptographically Secure Pseudo-Random Number Generator
问题
I have a piece of code which generates a string of length 50 to 100 with random characters:
CharLIST = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
def NEW(id_len):
_id = ''
while len(_id) < id_len:
_id += random.choice(CharLIST)
return _id
NEW(random.randint(50, 100))
我有一段代码可以生成长度在50到100之间的随机字符的字符串。
I expect it to generate a completely random string which is not unpredictable:
我期望它生成完全随机的字符串,但这个字符串可能不够难以预测。
I used a code analyser which said it is not Cryptographically Secure:
我使用了代码分析工具,它指出这段代码不是密码学安全的。
But it generates random strings which I think are unpredictable based on seeing 200 results:
但根据200个结果,它生成了我认为是难以预测的随机字符串。
英文:
I have a piece of code which generates a string of length 50 to 100 with random characters
the code is :
CharLIST = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
def NEW(id_len):
_id = ''
while len(_id) < id_len:
_id += random.choice(CharLIST)
return _id
NEW(random.randint(50, 100))
I expect it to generate a completely random string which is not unpredictable
I used a code analyser which said it is not Cryptographically Secure
but it generate random strings which I think are unpredictable based on seeing 200 results
答案1
得分: 3
不,random 中的任何实用程序都不应被视为安全。它们的输出完全是确定性的。这在该模块文档的顶部强调了:
Python 使用 Mersenne Twister 作为核心生成器... 它完全是确定性的,不适合所有目的,对于加密目的来说完全不合适。
[...]
警告: 本模块的伪随机生成器不应用于安全目的。对于安全或加密用途,请参见
secrets模块。
正如建议的那样,对于密码学安全的随机数生成,您应该使用 secrets 模块:
secrets模块用于生成适用于管理密码、帐户认证、安全令牌和相关机密的密码学强随机数。特别地,
secrets应该优先于random模块中的默认伪随机数生成器,后者设计用于建模和模拟,而不是安全或加密。
对于您的特定用例,secrets 模块提供了一个与 random.choice 类似的 secrets.choice 函数。
英文:
No, none of the utilities in random should be considered secure. Their output is completely deterministic.
This is emphasized in warnings at the top of the module's documentation:
> Python uses the Mersenne Twister as the core generator .... [which], being completely deterministic, is not suitable for all purposes, and is completely unsuitable for cryptographic purposes.
>
> [...]
>
> Warning: The pseudo-random generators of this module should not be used for security purposes. For security or cryptographic uses, see the secrets module.
As suggested, for cryptographically secure random number generation, you should use the secrets module:
> The secrets module is used for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets.
>
> In particular, secrets should be used in preference to the default pseudo-random number generator in the random module, which is designed for modelling and simulation, not security or cryptography.
For your particular use case, the secrets module provides a secrets.choice function that works analogously to random.choice.
答案2
得分: 0
像Brian说的,使用随机方法来加密不安全。请使用secrets模块并使用内置的 choice 函数,而不是随机函数。您还可以使用string模块来缩短您的组合:
import string
import secrets
CharLIST = string.digits + string.ascii_letters
def NEW():
myPass = "".join(secrets.choice(CharLIST) for i in range(50,100))
return myPass
print(NEW())
英文:
Like @Brian said, random isn't secure with encrypting. Use the secrets module with the built in choice function instead of random. You can also use the string module to shorten your combinations:
import string
import secrets
CharLIST = string.digits + string.ascii_letters
def NEW():
myPass = "".join(secrets.choice(CharLIST) for i in range(50,100))
return myPass
print(NEW())
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论