mirror of https://github.com/python/cpython
Documentation for secrets.py
This commit is contained in:
Steven D'Aprano
parent
9e9235511e
commit
b2871faa87
|
|
@ -16,3 +16,4 @@ Here's an overview:
|
|||
|
||||
hashlib.rst
|
||||
hmac.rst
|
||||
secrets.rst
|
||||
|
|
|
|||
|
|
@ -46,7 +46,8 @@ from sources provided by the operating system.
|
|||
.. warning::
|
||||
|
||||
The pseudo-random generators of this module should not be used for
|
||||
security purposes.
|
||||
security purposes. For security or cryptographic uses, see the
|
||||
:mod:`secrets` module.
|
||||
|
||||
|
||||
Bookkeeping functions:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,199 @@
|
|||
:mod:`secrets` --- Generate secure random numbers for managing secrets
|
||||
======================================================================
|
||||
|
||||
.. module:: secrets
|
||||
:synopsis: Generate secure random numbers for managing secrets.
|
||||
|
||||
.. moduleauthor:: Steven D'Aprano <steve+python@pearwood.info>
|
||||
.. sectionauthor:: Steven D'Aprano <steve+python@pearwood.info>
|
||||
.. versionadded:: 3.6
|
||||
|
||||
.. testsetup::
|
||||
|
||||
from secrets import *
|
||||
__name__ = '<doctest>'
|
||||
|
||||
**Source code:** :source:`Lib/secrets.py`
|
||||
|
||||
-------------
|
||||
|
||||
The :mod:`secrets` module is used for generating cryptographically strong
|
||||
random numbers suitable for managing data such as passwords, account
|
||||
authentication, security tokens, and related secrets.
|
||||
|
||||
In particularly, :mod:`secrets` should be used in preference to the
|
||||
default pseudo-random number generator in the :mod:`random` module, which
|
||||
is designed for modelling and simulation, not security or cryptography.
|
||||
|
||||
.. seealso::
|
||||
|
||||
:pep:`506`
|
||||
|
||||
|
||||
Random numbers
|
||||
--------------
|
||||
|
||||
The :mod:`secrets` module provides access to the most secure source of
|
||||
randomness that your operating system provides.
|
||||
|
||||
.. class:: SystemRandom
|
||||
|
||||
A class for generating random numbers using the highest-quality
|
||||
sources provided by the operating system. See
|
||||
:class:`random.SystemRandom` for additional details.
|
||||
|
||||
.. function:: choice(sequence)
|
||||
|
||||
Return a randomly-chosen element from a non-empty sequence.
|
||||
|
||||
.. function:: randbelow(n)
|
||||
|
||||
Return a random int in the range [0, *n*).
|
||||
|
||||
.. function:: randbits(k)
|
||||
|
||||
Return an int with *k* random bits.
|
||||
|
||||
|
||||
Generating tokens
|
||||
-----------------
|
||||
|
||||
The :mod:`secrets` module provides functions for generating secure
|
||||
tokens, suitable for applications such as password resets,
|
||||
hard-to-guess URLs, and similar.
|
||||
|
||||
.. function:: token_bytes([nbytes=None])
|
||||
|
||||
Return a random byte string containing *nbytes* number of bytes.
|
||||
If *nbytes* is ``None`` or not supplied, a reasonable default is
|
||||
used.
|
||||
|
||||
.. doctest::
|
||||
|
||||
>>> token_bytes(16) #doctest:+SKIP
|
||||
b'\xebr\x17D*t\xae\xd4\xe3S\xb6\xe2\xebP1\x8b'
|
||||
|
||||
|
||||
.. function:: token_hex([nbytes=None])
|
||||
|
||||
Return a random text string, in hexadecimal. The string has *nbytes*
|
||||
random bytes, each byte converted to two hex digits. If *nbytes* is
|
||||
``None`` or not supplied, a reasonable default is used.
|
||||
|
||||
.. doctest::
|
||||
|
||||
>>> token_hex(16) #doctest:+SKIP
|
||||
'f9bf78b9a18ce6d46a0cd2b0b86df9da'
|
||||
|
||||
.. function:: token_urlsafe([nbytes=None])
|
||||
|
||||
Return a random URL-safe text string, containing *nbytes* random
|
||||
bytes. The text is Base64 encoded, so on average, each byte results
|
||||
in approximately 1.3 characters. If *nbytes* is ``None`` or not
|
||||
supplied, a reasonable default is used.
|
||||
|
||||
.. doctest::
|
||||
|
||||
>>> token_urlsafe(16) #doctest:+SKIP
|
||||
'Drmhze6EPcv0fN_81Bj-nA'
|
||||
|
||||
|
||||
How many bytes should tokens use?
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
To be secure against
|
||||
`brute-force attacks <https://en.wikipedia.org/wiki/Brute-force_attack>`_,
|
||||
tokens need to have sufficient randomness. Unfortunately, what is
|
||||
considered sufficient will necessarily increase as computers get more
|
||||
powerful and able to make more guesses in a shorter period. As of 2015,
|
||||
it is believed that 64 bytes (512 bits) of randomness is sufficient for
|
||||
the typical use-case expected for the :mod:`secrets` module.
|
||||
|
||||
For those who want to manage their own token length, you can explicitly
|
||||
specify how much randomness is used for tokens by giving an :class:`int`
|
||||
argument to the various ``token_*`` functions. That argument is taken
|
||||
as the number of bytes of randomness to use.
|
||||
|
||||
Otherwise, if no argument is provided, or if the argument is ``None``,
|
||||
the ``token_*`` functions will use a reasonable default instead.
|
||||
|
||||
.. note::
|
||||
|
||||
That default is subject to change at any time, including during
|
||||
maintenance releases.
|
||||
|
||||
|
||||
Other functions
|
||||
---------------
|
||||
|
||||
.. function:: compare_digest(a, b)
|
||||
|
||||
Return ``True`` if strings *a* and *b* are equal, otherwise ``False``,
|
||||
in such a way as to redice the risk of
|
||||
`timing attacks <http://codahale.com/a-lesson-in-timing-attacks/>`_ .
|
||||
See :func:`hmac.compare_digest` for additional details.
|
||||
|
||||
|
||||
Recipes and best practices
|
||||
--------------------------
|
||||
|
||||
This section shows recipes and best practices for using :mod:`secrets`
|
||||
to manage a basic level of security.
|
||||
|
||||
Generate an eight-character alphanumeric password:
|
||||
|
||||
.. testcode::
|
||||
|
||||
import string
|
||||
alphabet = string.ascii_letters + string.digits
|
||||
password = ''.join(choice(alphabet) for i in range(8))
|
||||
|
||||
|
||||
.. note::
|
||||
|
||||
Applications should
|
||||
`not store passwords in a recoverable format <http://cwe.mitre.org/data/definitions/257.html>`_ ,
|
||||
whether plain text or encrypted. They should always be salted and
|
||||
hashed using a cryptographically-strong one-way (irreversible) hash
|
||||
function.
|
||||
|
||||
|
||||
Generate a ten-character alphanumeric password with at least one
|
||||
lowercase character, at least one uppercase character, and at least
|
||||
three digits:
|
||||
|
||||
.. testcode::
|
||||
|
||||
import string
|
||||
alphabet = string.ascii_letters + string.digits
|
||||
while True:
|
||||
password = ''.join(choice(alphabet) for i in range(10))
|
||||
if (any(c.islower() for c in password)
|
||||
and any(c.isupper() for c in password)
|
||||
and sum(c.isdigit() for c in password) >= 3):
|
||||
break
|
||||
|
||||
|
||||
Generate an `XKCD-style passphrase <http://xkcd.com/936/>`_ :
|
||||
|
||||
.. testcode::
|
||||
|
||||
# On standard Linux systems, use a convenient dictionary file.
|
||||
# Other platforms may need to provide their own word-list.
|
||||
with open('/usr/share/dict/words') as f:
|
||||
words = [word.strip() for word in f]
|
||||
password = ' '.join(choice(words) for i in range(4))
|
||||
|
||||
|
||||
Generate a hard-to-guess temporary URL containing a security token
|
||||
suitable for password recovery applications:
|
||||
|
||||
.. testcode::
|
||||
|
||||
url = 'https://mydomain.com/reset=' + token_urlsafe()
|
||||
|
||||
|
||||
|
||||
..
|
||||
# This modeline must appear within the last ten lines of the file.
|
||||
kate: indent-width 3; remove-trailing-space on; replace-tabs on; encoding utf-8;
|
||||
Loading…
Reference in New Issue