The RNG used to generate random characters & shuffle the password is from python's random module, which produces insecure passwords with VERY little entropy, which is a serious concern. You should never use python random , C/C++ rand() etc. to generate passwords, OTPs etc. which impact security.
See: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator for more details.
Quick fix: Use random.SystemRandom() instead everywhere. Will send a pull request soon.
EfraemJoji
commented
1 year ago
The RNG used to generate random characters & shuffle the password is from python's
randommodule, which produces insecure passwords with VERY little entropy, which is a serious concern. You should never use pythonrandom, C/C++rand()etc. to generate passwords, OTPs etc. which impact security. See: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator for more details.Quick fix: Use
random.SystemRandom()instead everywhere. Will send a pull request soon.Real fix: Use python's
secretsclass.