pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

random_base32 function uses non-cryptographic generator #67

Closed randombit closed 5 years ago

randombit commented 6 years ago

random_base32 calls random.choice which uses Python random() which is implemented using the Mersenne Twister algorithm. This RNG is not cryptographically secure, and given enough of the output it is possible to recover the seed (for example https://github.com/fx5/not_random).

A scenario where this might occur is if random_base32 is used by a service provider. A user requests a new OTP key a few thousand times in a row, recovers the PRNG seed, and then is able to derive all other OTP keys generated by the same server process.

This is easy enough to fix, just use os.urandom if available.

kislyuk commented 5 years ago

Fixed in master. Thanks for reporting.
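
The risk raised in this issue, shown as an added example that is not part of the thread and not pyotp's own code: a `random.choice`-based generator next to one backed by the OS CSPRNG (`secrets`, which draws from `os.urandom`). The function names, the `rng` parameter and the default lengths are assumptions made for the illustration.

```python
import random
import secrets

BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def weak_random_base32(length=16, rng=random):
    """Pattern described in the issue: random.choice over the base32 alphabet.

    `rng` is a hypothetical parameter so the demo can use an isolated
    Mersenne Twister instance instead of the module-level one.
    """
    return "".join(rng.choice(BASE32_ALPHABET) for _ in range(length))


def secure_random_base32(length=32):
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(BASE32_ALPHABET) for _ in range(length))


def keys_predictable_from_state(n_keys=5):
    """Show that the Mersenne Twister state alone fixes every later key."""
    server_rng = random.Random()      # stands in for the server process PRNG
    snapshot = server_rng.getstate()  # the internal state the issue is about
    issued = [weak_random_base32(rng=server_rng) for _ in range(n_keys)]

    clone = random.Random()
    clone.setstate(snapshot)          # same state, different object
    predicted = [weak_random_base32(rng=clone) for _ in range(n_keys)]
    return issued == predicted


def csprng_has_no_replayable_state():
    """SystemRandom reads from os.urandom and exposes no state to copy."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False


if __name__ == "__main__":
    print("weak keys reproducible from state:", keys_predictable_from_state())
    print("CSPRNG exposes no state:", csprng_has_no_replayable_state())
    print("sample secure key:", secure_random_base32())
```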