0

I've read a few different posts about generating passwords programatically, and many have comments from people saying using standard random module is a security risk. Can someone explain why? If I am using the standard random library to select 20 random characters/symbols/numbers to generate a password, surely this is far stronger than many 'regular' passwords your mom or dad might have?

I understand that it's not true random, but I can't see how that's an issue in this use case.

still_coding
  • 13
  • 3

2 Answers2

0

It depends on what is meant by the "standard random library".

Python provides both—

  • A noncryptographic pseudorandom generator (all of the random module except random.SystemRandom), which is not designed for use in security applications, including to generate secret values, and
  • a cryptographic random generator (random.SystemRandom or the secrets module), which is designed for security use.

And the documentation for the secrets module clearly says it produces "cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets", and includes a code example for generating a strong random password. A usual requirement for "cryptographically strong random numbers" is that they should be hard to guess by outside attackers. To this end, the secrets module may rely on the random number generator provided by the operating system (as secrets.SystemRandom does, for example).

On the other hand, a noncryptographic pseudorandom number generator (such as Mersenne Twister, which is the generator used by most of the random module) is designed for statistical quality rather than generating hard-to-guess numbers.

In security applications:

  • Use the secrets module or random.SystemRandom (rather than the rest of the random module) to generate random strings that will serve as a password, a bearer credential, a nonce, a session identifier, a "verification code" or "confirmation code", or another secret value. For example, the secrets.token_hex method generates a readable random string designed to be hard to guess.
  • In general, passwords should not be stored anywhere, even encrypted or shuffled, unless they're "hashed" and "salted". Salted hashing is an irreversible operation on passwords that renders it impossible to recover the original password by knowing just the output. Unfortunately, the secrets module provides nothing that will help you hash passwords in a secure way, as opposed to just generating them.
Peter O.
  • 32,158
  • 14
  • 82
  • 96
  • Yes I understand that secrets is better, but I'm looking for an explanation as to why. Also, if I was to use secrets, then scramble and randomise the results of that further would I likely be improving or worsening the password? – still_coding Apr 09 '21 at 10:37
  • See [another answer of mine](https://stackoverflow.com/questions/65311182#65311380). Also, "scrambling" a random password is better known as "hashing" the password, and that should absolutely be done before it's stored in a database or another kind of storage. In general, passwords should not be stored anywhere, even encrypted, unless they're hashed and "salted". Unfortunately, the `secrets` module provides nothing that will help you _hash_ passwords in a secure way, as opposed to just _generating_ them. – Peter O. Apr 09 '21 at 10:53
  • @still_coding if by "scrambling" the results, you instead mean to `shuffle()` the password before returning it to the user then it's not going to make any significant difference. if an attacker can figure out what you did to generate the letters in the first place then it won't take much to recover the same permutation – Sam Mason Apr 10 '21 at 15:35
0

This is a security risk because you don't know how the PRNG is seeded. It varies from one implementation to another and depending on the Python version you're using it might not always be a security risk.

Many PRNG implementations use current time as default seed, meaning if a potential attacker knows the exact time you generated your passwords and the algorithm you used, this attacker will be able to retrieve all your generated passwords. They are many other ways to predict PRNGs, they don't all use current time as default seed, this was just an example.

Conclusion : do what the doc says ;)

ShellCode
  • 1,072
  • 8
  • 17