The RNG used to generate random characters & shuffle the password is from Python's `random` module, which produces insecure passwords with VERY little entropy, which is a serious concern. You should never use Python `random`, C/C++ `rand()` etc. to generate passwords, OTPs etc. which impact security.
See: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator for more details.
Quick fix: Use `random.SystemRandom()` instead everywhere. Will send a pull request soon.
Real fix: Use Python's `secrets` class.
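
The two fixes named in the issue, shown as an added example (not the project's code and not written by the issue author): a generator built on `random` beside one that draws and shuffles from the OS CSPRNG. The function names, the character classes and the seed value are assumptions made for illustration.

```python
import random
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def weak_password(length=16, seed=None):
    """'Before' form: Mersenne Twister from the random module.

    Anyone who learns or guesses the seed (or recovers the generator
    state from enough outputs) can reproduce every password it emits.
    """
    rng = random.Random(seed)
    chars = [rng.choice(cls) for cls in CLASSES]
    chars += [rng.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


def strong_password(length=16):
    """Hardened form: every draw and the shuffle come from the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    # secrets has no shuffle(); SystemRandom is the same os.urandom-backed source.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed seed, to show the weak generator is fully reproducible.
    print(weak_password(seed=1234) == weak_password(seed=1234))  # True
    print(strong_password())
```
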