Devin Jeanpierre wrote: > On Sun, Aug 10, 2014 at 9:31 AM, Steven D'Aprano > <steve+comp.lang.pyt...@pearwood.info> wrote:
>> I don't think that using a good, but not cryptographically-strong, random >> number generator to generate passwords is a serious vulnerability. What's >> your threat model? > > I've always wanted a password generator that worked on the fly based > off of a master password. If the passwords are generated randomly but > not cryptographically securely so, then given sufficiently many > passwords, the master password might be deduced. o_O So, what you're saying is that you're concerned that if an attacker has all your passwords, they might be able to generate new passwords? [...] >>> Someone should write a cryptographically secure pseudorandom number >>> generator library for Python. :( >> >> Here, let me google that for you > > I should clarify that OpenSSL has one (which is what I assume you're > alluding to), No. If you follow the link I provided, I'm sure you will find what you are after. > but it doesn't let you choose the seed, so it's useless > for deterministic password generation. There are also lots of small > libraries some person wrote at some time, but that sounds shady. ;) You mean the opposite to OpenSSL, which was handed down to Mankind from the Gods? The size of the library doesn't matter, what matters is how well it implements what crypto standards. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
