Use cryptographically secure generator for private keys (#118)
* Use cryptographically secure generator for pkeys

  The random module should not be used for security purposes, therefore the use of this module to generate private keys is a security flaw.

  Since this project is not targeting a specific Python version, I'm not sure if it's wise to use the `secrets` module, because this module first appeared in Python 3.6. Instead I'm using `_get_random_bytes()` (which is os.urandom under the hood) to generate cryptographically secure numbers.

  On the other hand, I'm not sure if this logic of generating random private keys is entirely secure. In my opinion, the right way of doing this is using ECDSA or using the library we already have in this project:

      from Crypto.PublicKey import RSA
      key = RSA.generate(2048)
      private_key = key.export_key()
      public_key = key.publickey().export_key()

* Use os.urandom directly

---------

Co-authored-by: MrNaif2018 <chuff184@gmail.com>
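The difference the commit message describes, shown as an added example that is not code from this commit or project: a key drawn from the `random` module can be regenerated by anyone who recovers the generator's seed, while a key drawn from `os.urandom` cannot. The function names are hypothetical, and the 256-bit key range (the secp256k1 group order) is an assumption, since the page does not say which curve the project uses.

```python
import os
import random

# Assumption: private keys are scalars in [1, N-1], with N the secp256k1 group order.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_private_key(rng=random):
    """'Before' pattern: Mersenne Twister output, fully determined by its seed/state."""
    return rng.randrange(1, N)


def secure_private_key(urandom=os.urandom):
    """'After' pattern: 32 bytes from the OS CSPRNG, rejection-sampled into [1, N-1]."""
    while True:
        candidate = int.from_bytes(urandom(32), "big")
        # Reject 0 and values >= N rather than reducing mod N, which would bias the result.
        if 1 <= candidate < N:
            return candidate


def replay_weak_key(seed):
    """Rebuild the 'private' key from the seed alone, as an auditor would to prove the flaw."""
    return weak_private_key(random.Random(seed))


def constructed_urandom(chunks):
    """Test double (constructed input): returns fixed byte strings in order."""
    it = iter(chunks)
    return lambda n: next(it)


if __name__ == "__main__":
    print("same seed, same key:", replay_weak_key(1234) == replay_weak_key(1234))
    print("CSPRNG key:", hex(secure_private_key()))
```
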