#### Sources
- 鏈接在此: [link](https://docs.python.org/3/library/secrets.html)
- 注意: **新于 Python 3.7.0 出現的函數 不會在此測試**.

In [1]:
before_using_it = '''
    The 'secrets' module is used for 
        generating cryptographically strong random numbers 
        which is suitable for managing data such as pwd, account auth etc. 
    In particularly, it should be 
        used in preference to the default pseudo-random generator in 'random',
        it's designed for modelling and simulation, not security or cryptography.
    
    ----- In short, you SHOULD USE 'secrets' module. ----
'''

In [2]:
import random
import secrets

# use these by creating an instance
rsr = random.SystemRandom()
ssr = secrets.SystemRandom()

# the same? I didn't check each one of them
len(rsr.__dir__()), len(ssr.__dir__())

(54, 54)

#### random numbers

In [3]:
options = [
    'Base64',
    'Descriptor',
    'BlockChain', 
    'Cryptography',
]

secrets.choice(options)  

secrets.randbelow(30)  # an random int in [0, n)

secrets.randbits(1)    # an int with k random bits
secrets.randbits(120)

'BlockChain'

27

1

1277707410252733006346419587565688351

#### generating tokens

In [4]:
aim = ''' 
    The secure tokens is suitable for
    applications such password resets, hard-to-guess urls, and similar.   
'''

tip = '''
    The default 'nbytes' is ant integer. 
        For now, the 32 bytes is the default.
        Of course, you can specify your own token length.
    
    It was used to make tokens have sufficient randomness (against attack).
     
    And note: 
        the default is subject to change at any time,
        including during maintenance releases. (XD)
'''

# nbytes=32
tb1 = secrets.token_bytes()    # byte string 
tb2 = secrets.token_bytes(20)  

# nbytes=64
th1 = secrets.token_hex()      # text string in hexadecimal
th2 = secrets.token_hex(20)  

# nbytes=43
tu1 = secrets.token_urlsafe()  # random URL-safe text string 
tu2 = secrets.token_urlsafe(9)


# default 
tb1        # token_bytes()
th1        # token_hex() 
tu1        # token_urlsafe()

# compare!
secrets.compare_digest(tu1,tu1)

b'\xdc\xa5\xb8\x9d\xeeTK*kc\xcfK\x02Vo\xab3w\x00\xf00\xd60\xb6\xfc@\xe8$\xc8\xa3\x16\xef'

'667c551eb6dea1b71da7e007ca9209e4efcdffb2dd99474a4b475f31cc6e592a'

'kQVpAlY3dYxbExQeHCAxlrhAFmpvsrQ8LwFqRIg_mj4'

True

#### recipes and best practices

In [16]:
from string import ascii_letters, digits
from secrets import choice

a_basic_password = ''' 
    generate an 12-char alphanumeric password 
'''

alphab = ascii_letters + digits
passwd = ''.join(choice(alphab) for i in range(12))

# Btw, applications should NOT 
#   store pwds in a Recoverable format, whether plain text or encrypted.
# They should be Salted and Hashed 
#   using a cryptographically-strong one-way(irreversible) hash function. 
passwd

'3efpgD6F0FrU'

In [18]:
create_a_password = '''
  Generate a ten-char alphanumeric pwd 
    with at least one   lowercase char, 
         at lease one   uppercase char, 
    and  at lease three           digits. 
'''

alphab = ascii_letters + digits

while True:
    password = ''.join(choice(alphab) for i in range(10))
    if ( any( c.islower() for c in password ) 
        and any( c.isupper() for c in password ) 
        and sum( c.isdigit() for c in password ) >= 3
    ):
        break
        
password

'Oyl83knrk6'

In [23]:
# Generate a hard-to-guess temporary 
#   URL containing a security token 
#   suitable for password recovery applications 

url = 'https://example.com/reset=' + secrets.token_urlsafe(10)
url

'https://example.com/reset=JpQ3YBXNlEw-rQ'