Swathi Arun

Summary

The article provides an overview of Python's secrets module, explaining its importance in generating cryptographically strong random data for passwords, tokens, and one-time passwords (OTPs), and how it differs from the random module.

Abstract

The article titled "The Secrets Module of Python" covers the secrets module introduced in Python 3.6. It emphasizes that the module draws on the operating system's cryptographically secure source of randomness, which is crucial for secure applications such as password generation, tokens, and OTPs. The secrets module is presented as the right choice over the random module for security purposes, because the latter's output can be predicted once its seed or internal state is known. The article includes code examples demonstrating secrets.choice for OTP generation, secrets.compare_digest to mitigate timing attacks, secrets.token_urlsafe for creating unguessable reset links, secrets.randbelow for generating integers below a specified value, and secrets.randbits for producing integers with a given number of random bits. The conclusion encourages the use of the secrets module for producing cryptographically strong data because of its secure source of randomness.

Opinions

  • The secrets module is considered an excellent secure source for producing random data, superior to the random module for cryptographic purposes.
  • The author suggests that the random module's data can be determined and is therefore not secure, whereas the secrets module provides non-deterministic data.
  • The article implies that using the secrets

The Secrets Module of Python

A unique module explained with some programs

Photo by Maxwell Nelson on Unsplash

One of the most interesting built-in modules in Python is secrets, which was added in Python 3.6. It takes its randomness from the operating system's cryptographically secure source (the same one behind os.urandom) rather than from a seeded algorithm, so the values it produces can be used as secrets: passwords, tokens, OTPs (one-time passwords). In this article, let us learn about the secrets module and its methods, and how it differs from the random module.

Why is the secrets module better than the random module? The random module can generate random-looking data, but that data is deterministic: it comes from a pseudo-random generator (Mersenne Twister) whose entire output is fixed once the seed is known, and whose internal state can even be reconstructed from a run of its past outputs. Data that can be predicted cannot be considered secure. The secrets module has no seed and no reconstructible state; it is a thin wrapper around random.SystemRandom, which reads from the operating system's secure source every time.

Secrets choice Method:

A program to generate a 6 digit OTP (One Time Password) with the secrets package:

The module produces strong data from a secure source of randomness. OTPs protect transactions such as logins and payments, so it is crucial that they cannot be guessed or predicted; secrets.choice picks each digit from that secure source.

import secrets
import string

digits = string.digits   # '0123456789'
# secrets.choice picks one element of a sequence using the secure source
OTP = ''.join(secrets.choice(digits) for _ in range(6))

print(OTP)

Output: a 6-digit numeric string (shown by the author as a screenshot).
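The OTP above is safe because each digit comes from secrets.choice. The following is an added example, not code from the article, showing what the warning about the random module means in practice: the tempering step of the Mersenne Twister (the algorithm behind Python's random module) can be inverted, so an attacker who observes 624 consecutive 32-bit outputs can rebuild the generator's state with random.setstate and predict every later value, including a 6-digit OTP built with random.choice instead of secrets.choice. The victim generator, its seed and the number of values skipped before the attacker starts watching are constructed for the demonstration; the last function checks that secrets.SystemRandom has no state to recover at all.

```python
import random
import secrets
import string

# Constants of the MT19937 generator as used by CPython's random module
MASK32 = 0xFFFFFFFF
N = 624   # words of state; also the number of outputs needed to clone it


def temper(y):
    """Tempering that MT19937 applies to a state word before outputting it."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def untemper(y):
    """Invert temper(): recover the raw state word from one 32-bit output."""
    y ^= y >> 18                        # self-inverse, since 18 + 18 > 32
    y ^= (y << 15) & 0xEFC60000         # also self-inverse on 32-bit values
    x = y
    for _ in range(5):                  # each pass fixes 7 more low-order bits
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y
    for _ in range(3):                  # each pass fixes 11 more high-order bits
        x = y ^ (x >> 11)
    return x & MASK32


def clone_from_outputs(outputs):
    """Rebuild a random.Random whose future output equals the observed generator's.

    `outputs` must be 624 consecutive results of getrandbits(32) from the victim;
    they may start anywhere in the stream, not only at a state boundary.
    """
    if len(outputs) != N:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    # index N means "regenerate the state before producing the next output"
    state = tuple(untemper(o) for o in outputs) + (N,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def weak_otp(rng, length=6):
    """The article's OTP loop, but driven by random.Random instead of secrets."""
    return ''.join(rng.choice(string.digits) for _ in range(length))


def predict_next_otp(seed=1234, skip=100):
    """Attacker observes 624 outputs mid-stream, then predicts the next OTP.

    Returns (otp the victim generates next, otp the attacker predicted).
    """
    victim = random.Random(seed)        # constructed victim; any seed behaves the same
    for _ in range(skip):               # values emitted before the attacker was watching
        victim.getrandbits(32)
    observed = [victim.getrandbits(32) for _ in range(N)]
    clone = clone_from_outputs(observed)
    return weak_otp(victim), weak_otp(clone)


def secrets_has_no_state():
    """secrets.SystemRandom has no seed or state to recover: getstate() is not implemented."""
    try:
        secrets.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False


if __name__ == "__main__":
    real, guessed = predict_next_otp()
    print("victim's next OTP:", real, "attacker's prediction:", guessed)
    print("secrets has no recoverable state:", secrets_has_no_state())
```

The attack needs only the generator's outputs, not its seed, which is why "nobody knows my seed" is no defence; the same words are consumed by random.random(), random.choice() and random.randint(), so any of them leaks state.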

Secrets compare_digest Method:

A program to use compare_digest to reduce the risk of timing attacks

A timing attack is a side-channel attack that recovers secret data, such as a password or token, from how long an operation takes. An ordinary string comparison (==) stops at the first byte that differs, so the time it takes reveals how many leading bytes of the attacker's guess were correct, and the secret can be recovered byte by byte. secrets.compare_digest (the same function as hmac.compare_digest) compares in time that does not depend on where the inputs differ, which reduces the risk of this attack. Both arguments must be of the same type, either ASCII-only str or bytes-like objects; the comparison can still reveal whether the two lengths differ, but not their contents.

import secrets

print(secrets.compare_digest('password123','password123'))

It returns True, and it behaves like an ordinary equality test apart from its timing. It is meant for comparing secrets such as tokens or MAC digests; a user's password should never be stored or compared in plain text like this, but hashed with a password-hashing function and verified through that function.

Secrets token_urlsafe Method:

A program to create a secure link to reset a password

We require an unguessable link for a password reset or a similar transaction. token_urlsafe returns a random, URL-safe Base64 text string; pass the number of random bytes as its nbytes argument. In the example the token is built from 7 random bytes, which encode to 10 characters of text. For a real reset link use the default (call it with no argument, which currently means 32 bytes) so the token cannot be guessed.

import secrets

url = 'https://mywebsite.com/reset=' + secrets.token_urlsafe(7)
print(url)

Output: the link with a 10-character token appended (shown by the author as a screenshot).
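The compare_digest and token_urlsafe sections above belong together in a password-reset flow. The following added example (not the article's code) puts them in one piece: the token is 32 random bytes from token_urlsafe, only its SHA-256 digest is stored, the digest of the presented token is compared with secrets.compare_digest so both inputs have the same length, and the token expires and can be used only once. ResetTokenStore, reset_link, the base URL and the injectable clock are hypothetical names chosen for this example.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode


class ResetTokenStore:
    """Issue single-use, expiring password-reset tokens and verify them safely.

    Only a SHA-256 digest of each token is kept, so a leaked store cannot be
    replayed, and verification compares digests with secrets.compare_digest.
    """

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._records = {}        # user_id -> (sha256 digest of token, expiry time)
        self._ttl = ttl_seconds
        self._clock = clock       # injectable so expiry can be tested without sleeping

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user_id):
        """Create a fresh token for user_id: 32 random bytes, 43 URL-safe characters."""
        token = secrets.token_urlsafe(32)
        self._records[user_id] = (self._digest(token), self._clock() + self._ttl)
        return token

    def verify(self, user_id, presented):
        """Return True once for the correct, unexpired token; False otherwise."""
        record = self._records.get(user_id)
        if record is None:
            return False
        stored_digest, expires_at = record
        if self._clock() > expires_at:
            del self._records[user_id]
            return False
        # Hashing first gives both sides the same 32-byte length, so the one
        # thing compare_digest may reveal (a length difference) cannot occur.
        if not secrets.compare_digest(self._digest(presented), stored_digest):
            return False
        del self._records[user_id]   # single use: a replayed link must fail
        return True


def reset_link(token, base="https://mywebsite.com/reset"):
    """Build the link to e-mail to the user (hypothetical base URL).

    urlencode leaves a URL-safe token unchanged but keeps the query string
    correct if other parameters are added later.
    """
    return base + "?" + urlencode({"token": token})


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("alice")
    print(reset_link(token))
    print("first use:", store.verify("alice", token))
    print("second use:", store.verify("alice", token))
```

Storing only the digest means the database row is useless to anyone who reads it, and the 43-character token carries 256 bits of randomness, so guessing is not an option even without rate limiting.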

Secrets randbelow() method

A program to generate an integer below the specified value.

The randbelow() method returns an integer in the range [0, n) for the given exclusive upper bound n: n itself is excluded and only the values below it can appear. The sampling is unbiased; it does not reduce a larger random number modulo n. In my example the exclusive upper bound is 5, so the output is one of 0, 1, 2, 3 or 4.

import secrets

num = secrets.randbelow(exclusive_upper_bound=5)
print(num)

Output: a random integer from 0 to 4.

Secrets randbits method:

A program to return a random integer in the 8-bit range

The randbits(k) method returns an integer made of k random bits, that is, a value in the range [0, 2**k). In the example we ask for 8 bits, so the output lies in the range [0, 255].

import secrets

num = secrets.randbits(8)
print(num)

Output: a random integer in the range [0, 255].
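randbelow and randbits look interchangeable, but reducing randbits(8) modulo 6 to roll a die is biased, while randbelow(6) is not. The following added example (not from the article) computes the exact bias of the modulo shortcut over all 256 eight-bit values and implements the rejection-sampling loop that CPython's randbelow uses internally: draw n.bit_length() bits and retry while the value is not below n. The function names are chosen for this example.

```python
import secrets
from collections import Counter


def modulo_bias(bits, n):
    """Exact histogram of (x % n) over every `bits`-bit value x.

    A uniform x reduced mod n is uniform only when n divides 2**bits; otherwise
    the lowest (2**bits mod n) residues each appear one extra time.
    """
    return Counter(x % n for x in range(1 << bits))


def biased_randbelow(n, bits=8):
    """The tempting shortcut: a fixed-width random number reduced modulo n. Biased."""
    return secrets.randbits(bits) % n


def randbelow_rejection(n):
    """Unbiased integer in [0, n), built from randbits the way randbelow does it.

    Draw only as many bits as needed to cover n, and discard any draw that is
    not below n; every accepted value is then equally likely.
    """
    if n <= 0:
        raise ValueError("upper bound must be positive")
    k = n.bit_length()               # e.g. n = 6 -> 3 bits, candidate values 0..7
    while True:
        r = secrets.randbits(k)
        if r < n:                    # accepted; at least half of all draws are
            return r


def dice_bias_report(bits=8, n=6):
    """(most frequent count, least frequent count) for the modulo shortcut."""
    counts = modulo_bias(bits, n)
    return max(counts.values()), min(counts.values())


def all_in_range(n, draws=2000):
    """Sanity check that the rejection sampler never leaves [0, n)."""
    return all(0 <= randbelow_rejection(n) < n for _ in range(draws))


if __name__ == "__main__":
    print("randbits(8) % 6 over all 256 inputs:", dict(sorted(modulo_bias(8, 6).items())))
    print("unbiased die:", randbelow_rejection(6), "shortcut die:", biased_randbelow(6))
```

For a die the bias is small (faces 0 to 3 appear 43 times in 256, faces 4 and 5 only 42), but the same mistake in a password or token generator over a large alphabet skews which characters appear and hands an attacker a head start; always use randbelow or choice for bounded values and keep randbits for raw bit strings.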

Program to check all the methods present in the Secrets module:

dir() lists every name the secrets module exposes, including the methods used above. Try working with them and produce random data with the secrets module.

import secrets

print(dir(secrets))

Conclusion: There are other ways to obtain random data, such as the random module or a hardware random number generator (HRNG), but for anything that must stay secret use the secrets module: it is a thin wrapper around random.SystemRandom, so every value it produces comes from the operating system's secure source of randomness, with no seed or state that an attacker could recover. For the complete documentation, see the secrets module page in the official Python documentation.


Python
Python Programming
Cryptography
Programming
Security