Sushobhan-Nayak / Password-Generator

Tried coding a password generator python code

Insecure RNG used #1

Open EfraemJoji opened 1 year ago

EfraemJoji commented 1 year ago

The RNG used to generate random characters & shuffle the password is from Python's random module, which produces insecure passwords with VERY little entropy, which is a serious concern. You should never use Python random, C/C++ rand() etc. to generate passwords, OTPs etc. which impact security. See: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator for more details.

Quick fix: Use random.SystemRandom() instead everywhere. Will send a pull request soon.

Real fix: Use Python's secrets class.
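The three options named in this issue side by side, as an added example (not code from the repository, the issue author, or the pull request). The character classes, function names and default length are assumptions made for the illustration.

```python
import math
import random
import secrets
import string

# Assumed character classes for this example; the repository's own sets may differ.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")
ALPHABET = "".join(CLASSES)


def insecure_password(length, rng):
    """Pattern the issue flags: characters and shuffle come from a Mersenne Twister."""
    chars = [rng.choice(ALPHABET) for _ in range(length)]
    rng.shuffle(chars)
    return "".join(chars)


def quick_fix_password(length):
    """Quick fix from the issue: same calls, but backed by os.urandom()."""
    rng = random.SystemRandom()
    chars = [rng.choice(ALPHABET) for _ in range(length)]
    rng.shuffle(chars)
    return "".join(chars)


def secure_password(length=16):
    """Real fix from the issue: draw from secrets, with one character per class guaranteed."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    # secrets has no shuffle(); SystemRandom draws from the same OS CSPRNG.
    random.SystemRandom().shuffle(chars)
    return "".join(chars)


def max_entropy_bits(length):
    """Upper bound on entropy when each character is uniform over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Same internal state gives the same password: output is a pure function of PRNG state.
    print(insecure_password(16, random.Random(1234)) == insecure_password(16, random.Random(1234)))
    print(quick_fix_password(16), secure_password(16), round(max_entropy_bits(16), 1))
```

The entropy figure only holds when the generator itself is unpredictable; with the `random` module the password is fully determined by the generator's internal state, however long the password is.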

EfraemJoji commented 1 year ago

PR opened at https://github.com/Sushobhan-Nayak/Password-Generator/pull/2