
Python 3.6 adds New secrets Module for Robust Account and Password Security

ranjeet
Published 2017/05/10 14:07

Python 3.6, the newest major release of the Python language, has added a new module called secrets to help generate cryptographically strong random numbers for managing secrets such as account authentication data, tokens and related values. Python developers are highly likely to prefer secrets over the default pseudo-random number generator in the random module, because the random module is designed for modelling and simulation, not for cryptography or security.

Let’s understand with an example how one can create their own cryptographically strong pseudo-random values and generate tokens using the secrets module.

How to create Cryptographically Strong Pseudo-Random Values using secrets

>>> import secrets
>>> import string
>>> characters = string.ascii_letters + string.digits
>>> secure_password = ''.join(secrets.choice(characters) for i in range(10))
>>> secure_password
'SRvM54ZAs1'

The first step is to import the secrets and string modules. Then we create a string of uppercase and lowercase letters and digits. To choose characters randomly for a secure password, we use the secrets module's choice() function, which draws each character from a cryptographically strong random source. The result mixes upper- and lowercase letters and numbers; the alphabet above contains no symbols, although a mix of case, numbers and symbols is what is usually advised to keep passwords protected from attacks.
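An added example, not from the original article: a generator whose alphabet does include symbols and that guarantees one character from each class, plus an entropy estimate for comparing password shapes. The names generate_password and entropy_bits are assumptions made for illustration.

```python
import math
import secrets
import string

# Letters, digits and punctuation: 52 + 10 + 32 = 94 characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16):
    """Return a random password with a lowercase, uppercase, digit and symbol."""
    if length < 4:
        raise ValueError("length must be at least 4 to fit all four classes")
    while True:
        # Draw the whole password, then reject it if a class is missing.
        # Rejection keeps every accepted password equally likely, unlike
        # forcing one class into a fixed position.
        candidate = ''.join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    # The 10-character letters-and-digits password from the article:
    print(round(entropy_bits(62, 10), 1))
    # A 16-character password over the 94-character alphabet:
    print(round(entropy_bits(len(ALPHABET), 16), 1))
```

The estimate applies only to characters drawn uniformly at random, as secrets.choice() does; it says nothing about passwords a person makes up.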

How to Generate Tokens using secrets

There is not one but several methods to generate tokens using the secrets module. Below are mentioned some examples to ease your learning on token generation using secrets.

>>> secrets.token_bytes()
b'\xd1Od\xe0\xe4\xf8Rn\xf4G\xdb\x08\xa8\x85\xeb\xba>\x8cO\xa7XV\x1cb\xd6\x11\xa0\xcaK'

>>> secrets.token_bytes(8)
b'\xfc,9y\xbe]\x0e\xfb'

>>> secrets.token_hex(16)
'6cf3baf51c12ebfcbe26d08b6bbe1ac0'

>>> secrets.token_urlsafe(16)
'5t_jLGlV8yp2Q5tolvBesQ'

The token_bytes function returns a random byte string containing nbytes bytes. If nbytes is None or not supplied, a reasonable default is used. In the first example no byte count is given, so Python chooses a reasonable number itself. token_bytes is then called again, this time with 8 bytes. Next, token_hex returns a random text string in hexadecimal. Finally, token_urlsafe returns a random URL-safe text string; the text is Base64 encoded.

How Many Bytes to Use for Tokens?

You should have sufficient randomness for your tokens to secure them against brute-force attacks. It’s advised that at least 32 bytes (256 bits) of randomness should be used to protect tokens from security breaches.
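An added example, not from the original article, of where the 32-byte recommendation is typically applied: a single-use reset token that is stored only as a hash and checked in constant time with secrets.compare_digest(). The function names, the in-memory store and the 15-minute lifetime are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32         # 256 bits of randomness, as advised above
TOKEN_TTL_SECONDS = 900  # assumed lifetime of 15 minutes

# Stand-in for a database table: user -> (SHA-256 hex of token, expiry time).
# Only the hash is kept, so a leaked table does not reveal usable tokens.
_store = {}


def issue_reset_token(user, now=None):
    """Create a token for user, remember its hash, return the token once."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(TOKEN_BYTES)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _store[user] = (digest, now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset_token(user, presented, now=None):
    """Return True once for a valid, unexpired token; False otherwise."""
    now = time.time() if now is None else now
    record = _store.get(user)
    if record is None:
        return False
    digest, expires = record
    presented_digest = hashlib.sha256(presented.encode()).hexdigest()
    # compare_digest takes the same time whether or not the values match,
    # so response timing does not reveal how much of a guess was right.
    valid = secrets.compare_digest(digest, presented_digest) and now <= expires
    if valid:
        del _store[user]  # single use: a redeemed token cannot be replayed
    return valid


if __name__ == "__main__":
    t = issue_reset_token("alice")           # "alice" is a constructed user
    print(len(t))                            # 43 URL-safe characters
    print(redeem_reset_token("alice", t))    # True
    print(redeem_reset_token("alice", t))    # False, already used
```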

The Python developer community will see the secrets module as an important addition to Python 3.6. With secrets, Python 3.6 developers now have a reliable way to generate cryptographically strong tokens and passwords.

What’s your view on addition of secrets to Python 3.6? Would you like to give the secrets module a try for generating tokens and passwords? Please share your views in the comment box below.

Original Source- http://evontech.com/what-we-are-saying/entry/python-36-adds-new-secrets-module-for-robust-account-and-password-security.html

This article is reposted from: https://goo.gl/1JVjHF
