I'm pleased to announce a new standard library module for Python 3.6 and better, to aid in generating secure tokens for authentication and other secrets.
Last year, the founder of OpenBSD, Theo de Raadt, contacted Guido van Rossum with concerns that the Python standard library made it too easy for people to generate insecure tokens, session keys and related data.

The problem is that developers may use the random module for generating tokens which need to be hard to guess. However, the random module uses the Mersenne Twister by default, which is designed for simulation and modelling and is not suitable for cryptographic purposes. Consequently, such tokens may be insecure.

After much discussion, it was decided to leave the random module as-is, but introduce a new module which can be used to generate hard-to-guess (cryptographically strong) tokens and random numbers: the secrets module.

See the PEP for more details:
https://www.python.org/dev/peps/pep-0506/

And the documentation:
https://docs.python.org/3.6/library/secrets.html

Comments requested.

--
Steven
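The contrast described in the announcement, as an added example that is not part of the original message or of the secrets documentation: a token built on `random` beside one built on `secrets`, plus a small issue-and-verify store. The names `weak_token`, `same_seed_same_token`, `TokenStore` and the seed value are illustrative assumptions.

```python
import hashlib
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_token(rng, length=32):
    """Token drawn from the Mersenne Twister: fully determined by the RNG state."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def same_seed_same_token(seed):
    """Two generators with the same state emit the same 'secret' token."""
    return weak_token(random.Random(seed)) == weak_token(random.Random(seed))

def strong_token(nbytes=32):
    """URL-safe token backed by the operating system's CSPRNG."""
    return secrets.token_urlsafe(nbytes)

def strong_password(length=16):
    """secrets.choice is the drop-in replacement for random.choice here."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class TokenStore:
    """Issues tokens and keeps only their SHA-256 digests (hypothetical helper)."""

    def __init__(self):
        self._digests = {}

    def issue(self, user):
        token = strong_token()
        self._digests[user] = hashlib.sha256(token.encode()).digest()
        return token

    def verify(self, user, presented):
        expected = self._digests.get(user)
        if expected is None:
            return False
        actual = hashlib.sha256(presented.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return secrets.compare_digest(expected, actual)

if __name__ == "__main__":
    print("same seed, same weak token:", same_seed_same_token(1234))  # constructed seed
    store = TokenStore()
    tok = store.issue("alice")
    print("issued:", tok, "valid:", store.verify("alice", tok))
    print("tampered valid:", store.verify("alice", tok + "x"))
```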
