Unverified Commit 49808422 authored 3 years ago by Dan Callahan Committed by GitHub 3 years ago

Use Python's secrets module instead of random (#9984)

Functionally identical, but more obviously cryptographically secure.
...Explicit is better than implicit?

Avoids needing to know that SystemRandom() implies a CSPRNG, and
complies with the big scary red box on the documentation for random:

> Warning:
>   The pseudo-random generators of this module should not be used for
>   security purposes. For security or cryptographic uses, see the
>   secrets module.

https://docs.python.org/3/library/random.html



Signed-off-by: Dan Callahan <danc@element.io>

parent c14f99be

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 12 additions and 8 deletions

Please register or to comment