use secrets module for randomness

Question

use secrets module for randomness

Closed this issue 9 months ago · 3 comments

Hey,
your README states:

This Python implementation uses (by default) the random.SystemRandom source provided by Python.

Warning The pseudo-random generators of this module should not be used for security purposes. For security or cryptographic uses, see the secrets module.

Can you please switch to the secrets module? There is even a diceware example in the docs:

import secrets
# On standard Linux systems, use a convenient dictionary file.
# Other platforms may need to provide their own word-list.
with open('/usr/share/dict/words') as f:
    words = [word.strip() for word in f]
    password = ' '.join(secrets.choice(words) for i in range(4)

Answer 1 · 2023-12-18T02:51:51.000Z

Hi @kmille ,

Thank you for hint!
You are right. From the comments in the docs it looks like we are using an unsecure generator for randomness. However, the secrets module does exactly the things we do in diceware: it imports the SystemRandom generator from random, generates an instance and works with that. Exactly the generator, we use as well.

This did not change up to the current Python 3.12. (https://github.com/python/cpython/blob/3.12/Lib/secrets.py):

from random import SystemRandom

_sysrand = SystemRandom()

randbits = _sysrand.getrandbits
choice = _sysrand.choice

Therefore, we are as safe as with using secrets, but by using random.SystemRandom directly we can stay compatible with Python versions < 3.6 (which do not provide secrets).

Maybe I should stress this better in the docs, as your issue reveals. Thank you anyway for the warning!

/ulif

Answer 2 · 2023-12-18T02:53:20.000Z

I close this issue for now. If there should be something I overlooked: please tell!

Answer 3 · 2023-12-20T16:53:47.000Z

Thanks for the clarification!