Closed kmille closed 9 months ago
Hi @kmille ,
Thank you for the hint!
You are right. From the comments in the docs it looks like we are using an insecure generator for randomness. However, the secrets module does exactly the things we do in diceware: it imports the SystemRandom generator from random, generates an instance and works with that. Exactly the generator we use as well.
This did not change up to the current Python 3.12. (https://github.com/python/cpython/blob/3.12/Lib/secrets.py):
from random import SystemRandom
_sysrand = SystemRandom()
randbits = _sysrand.getrandbits
choice = _sysrand.choice
Therefore, we are as safe as with using secrets, but by using random.SystemRandom directly we can stay compatible with Python versions < 3.6 (which do not provide secrets).
Maybe I should stress this better in the docs, as your issue reveals. Thank you anyway for the warning!
/ulif
I close this issue for now. If there should be something I overlooked: please tell!
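Added example, not part of the thread or of the diceware code base: a check that `secrets.choice` is a bound method of a `random.SystemRandom` instance, next to a passphrase picker that accepts only that generator type and a demonstration of why the default seedable generator is unsuitable. The function names and the eight-word list are constructed for illustration.

```python
import math
import random
import secrets

# Constructed sample wordlist (assumption); a real diceware list has 7776 words.
WORDS = ["anchor", "breeze", "cobalt", "dune", "ember", "fjord", "glacier", "harbor"]


def secrets_uses_system_random():
    """True if secrets.choice is a bound method of a random.SystemRandom."""
    return isinstance(secrets.choice.__self__, random.SystemRandom)


def passphrase(num_words, wordlist, rng=None):
    """Pick words with an OS-backed CSPRNG; needs no secrets module."""
    if rng is None:
        rng = random.SystemRandom()
    # Reject random.Random and other seedable generators passed by mistake.
    if not isinstance(rng, random.SystemRandom):
        raise TypeError("refusing a seedable, non-cryptographic generator")
    return [rng.choice(wordlist) for _ in range(num_words)]


def entropy_bits(num_words, wordlist):
    """Entropy of a passphrase drawn uniformly from the distinct words."""
    return num_words * math.log2(len(set(wordlist)))


def seeded_sequences_repeat(seed, count=5):
    """The default Mersenne Twister replays its output for a known seed."""
    first, second = random.Random(seed), random.Random(seed)
    return ([first.choice(WORDS) for _ in range(count)]
            == [second.choice(WORDS) for _ in range(count)])


def system_random_ignores_seed(seed):
    """SystemRandom reads from the OS, so equal seeds do not align outputs."""
    a, b = random.SystemRandom(seed), random.SystemRandom(seed)
    return a.getrandbits(128) != b.getrandbits(128)


if __name__ == "__main__":
    print("secrets backed by SystemRandom:", secrets_uses_system_random())
    print("passphrase:", " ".join(passphrase(6, WORDS)))
    print("entropy (bits):", entropy_bits(6, WORDS))
    print("random.Random replays for a seed:", seeded_sequences_repeat(1234))
    print("SystemRandom ignores the seed:", system_random_ignores_seed(1234))
```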
Thanks for the clarification!
Hey, your README states:
the python docs state:
Can you please switch to the secrets module? There is even a diceware example in the docs: