letters (uppercase and lowercase), digits, and two extra punctuation characters (such as '+' and '/'). To make things simple: choose an alphabet of length 64, e.g. ![]() You should work with os.urandom() all along. Then you use it as seed in random, which is less good: that one is a non-cryptographic PRNG, and its output may exhibit some structure which will not register in a statistical measurement tool, but might be exploited by an intelligent attacker. For any practical purpose (even cryptography), the output of os.urandom() is indistinguishable from true alea. You use Python's os.urandom(): that's good. ![]() If the password is not meant to be remembered by a human being, then it is not really a password. The difficult thing with passwords is to make them strong enough and still be able to remember them.
0 Comments
Leave a Reply. |