The Python library nonce generation uses the following code:
    return ''.join([str(random.randint(0, 9)) for i in range(length)])
This is not terribly secure, as it relies on a non-cryptographically-secure
PRNG with an unknown seed.
Instead, nonce generation should be something like this:
    return os.urandom(8).encode('base64')
Original issue reported on code.google.com by arach...@notdot.net on 15 Oct 2013 at 2:12
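The contrast described in this report, as an added example that is not the library's code or the reporter's: the quoted digit generator beside two CSPRNG-backed replacements, with a check showing that the weak form is fully determined by the generator state. The function names, the default length of 8, and the choice of URL-safe base64 without padding are assumptions made for the example.

```python
import base64
import math
import os
import random


def weak_nonce(length=8, rng=random):
    """The pattern quoted in the report: decimal digits from the Mersenne Twister."""
    return ''.join(str(rng.randint(0, 9)) for _ in range(length))


def digit_nonce(length=8):
    """Same digits-only format for callers that expect it, drawn from the OS CSPRNG."""
    rng = random.SystemRandom()  # backed by os.urandom, has no reproducible state
    return ''.join(str(rng.randint(0, 9)) for _ in range(length))


def urandom_nonce(nbytes=8):
    """The report's suggestion in Python 3 form: base64 of os.urandom bytes.

    URL-safe alphabet and stripped padding are assumptions, chosen so the
    value can be placed in a request parameter without further escaping.
    """
    raw = os.urandom(nbytes)
    return base64.urlsafe_b64encode(raw).decode('ascii').rstrip('=')


def same_seed_repeats(seed, length=8):
    """True if two generators with equal state emit the same weak nonce."""
    first = weak_nonce(length, random.Random(seed))
    second = weak_nonce(length, random.Random(seed))
    return first == second


def entropy_bits(alphabet_size, length):
    """Upper bound on nonce entropy, assuming a uniform source."""
    return length * math.log2(alphabet_size)


if __name__ == '__main__':
    # Constructed seed value, used only to show reproducibility.
    print('weak nonce repeats for equal state:', same_seed_repeats(1234))
    print('8 decimal digits, bits at most:', round(entropy_bits(10, 8), 1))
    print('8 random bytes, bits:', 8 * 8)
    print('digit_nonce:', digit_nonce())
    print('urandom_nonce:', urandom_nonce())
```

Even with a secure source, eight decimal digits carry under 27 bits, so the digits-only form is best kept for compatibility and given a larger `length`.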