Python 3.6 adds New secrets Module for Robust Account and Password Security
2017-05-10 00:00
429 查看
摘要: Python 3.6, the newest major release of the Python language, has added a new module, called secrets, to help generate cryptographically strong random numbers for managing secrets, like account authentication, tokens and related secrets.
Python 3.6, the newest major release of the Python language, has added a new module, called secrets, to help generate cryptographically strong random numbers for managing secrets, like account authentication, tokens and related secrets. Python developers are highly likely to prefer secrets over the default pseudo-random number generator in the random module, since it’s not meant for cryptography or security, but modelling and simulation.
Let’s understand with an example how one can create their own cryptographically strong pseudo-random values and generate tokens using the secrets module.
The first step is to import the secrets and the string modules. Then we create a string of uppercase letters and integers. Now, in order to choose characters randomly to generate a secure password, we need to use the secrets module’s choice() method. The reason it’s being called a secure password is because there’s been a use of mixed case, numbers and symbols in the password, which is highly advised to people to keep their passwords protected from hack attacks.
The token_bytes function here allows to return a random byte string containing nbytes number of bytes. A reasonable default could also be put into use when nbytes is None or not supplied. In the first example, there is no mention of number of bytes, hence Python itself choose a reasonable number there. The token-bytes function was used again, but this time with 8 bytes. The next function used was token_hex, to return a random text string, in hexadecimal. The token_urlsafe function is the last one used there, meant to return a random URL-safe text string. Base64 encoding was also used for text.
Click here to unveil 7 Python libraries to use in 2017
The Python developer community will see the secrets module as an important addition to Python 3.6. With secrets, Python 3.6 developers now have a reliable way to generate cryptographically strong tokens and passwords.
What’s your view on addition of secrets to Python 3.6? Would you like to give the secrets module a try for generating tokens and passwords? Please share your views in the comment box below.
Original Source- http://evontech.com/what-we-are-saying/entry/python-36-adds-new-secrets-module-for-robust-account-and-password-security.html
Python 3.6, the newest major release of the Python language, has added a new module, called secrets, to help generate cryptographically strong random numbers for managing secrets, like account authentication, tokens and related secrets. Python developers are highly likely to prefer secrets over the default pseudo-random number generator in the random module, since it’s not meant for cryptography or security, but modelling and simulation.
Let’s understand with an example how one can create their own cryptographically strong pseudo-random values and generate tokens using the secrets module.
How to create Cryptographically Strong Pseudo-Random Values using secrets
>>> import secrets >>> import string >>> characters = string.ascii_letters + string.digits >>> secure_password = ''.join(secrets.choice(chNo Records.aracters) for i in range(10)) >>> secure_password 'SRvM54ZAs1' |
How to Generate Tokens using secrets
There is not one but several methods to generate tokens using the secrets module. Below are mentioned some examples to ease your learning on token generation using secrets.>>>: secrets.token_bytes() b'\xd1Od\xe0\xe4\xf8Rn\xf4G\xdb\x08\xa8\x85\xeb\xba>\x8cO\xa7XV\x1cb\xd6\x11\xa0\xcaK' >>> secrets.token_bytes(8) b'\xfc,9y\xbe]\x0e\xfb' >>> secrets.token_hex(16) '6cf3baf51c12ebfcbe26d08b6bbe1ac0' >>> secrets.token_urlsafe(16) '5t_jLGlV8yp2Q5tolvBesQ' |
Click here to unveil 7 Python libraries to use in 2017
How Many Bytes to Use for Tokens?
You should have sufficient randomness for your tokens to secure them against brute-force attacks. It’s advised that at least 32 bytes (256 bits) of randomness should be used to protect tokens from security breaches.The Python developer community will see the secrets module as an important addition to Python 3.6. With secrets, Python 3.6 developers now have a reliable way to generate cryptographically strong tokens and passwords.
What’s your view on addition of secrets to Python 3.6? Would you like to give the secrets module a try for generating tokens and passwords? Please share your views in the comment box below.
Original Source- http://evontech.com/what-we-are-saying/entry/python-36-adds-new-secrets-module-for-robust-account-and-password-security.html
相关文章推荐
- How to download and install setuptools module for Python
- Python_django_forget_account_and_password
- psutil - A cross-platform process and system utilities module for Python - Google Project Hosting
- Please enter the correct username and password for a staff account. Note tha
- Hacking Exposed Windows: Microsoft Windows Security Secrets and, Solutions, Third Edition (Hacking Exposed) (Paperback)
- Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions, (Hacking Exposed) (Paperback) Dec.2007.eBook-BBL
- Code maturity level options 代码成熟度选项 [*]Prompt for development and/or incomplete code/drivers 显示尚在开发中或尚未完成的代码与驱动.除非你是测试人员或者开发者,否则请勿选择 我是开发者,所以选[*] Loadable module support 可加载模块支持 [*]Enable loadable module support 内核编译配置选项简介 (2.4.20-8
- The article discusses a couple of new features introduced for assemblies and versioning in Visual Studio 2005.
- Enhanced System Security with the LabVIEW Datalogging and Supervisory Control Module
- Secure XML: the new syntax for signatures and encryption
- CodeRush for Visual Studio .NET v.3.0.2 (Beta) released on 18 Dec 2007 and What'a New
- The Development and Comparison of Robust Methods for Estimating the Fundamental Matrix
- Core Security Patterns : Best Practices and Strategies for J2EE(TM), Web Services, and Identity Mana
- Internet Security: A Jumpstart for Systems Administrators and IT Managers
- The Focal easy guide to Maya 5: for new users and professionals
- Security Information Management and Security Event Management for Compliance
- Robust Estimation for Range Image Segmentation and Reconstruction
- Merry Christmas and best wishes for happy new year!
- New For Me And/Or The World