Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > trying to get hash from os.urandom

Reply
Thread Tools

trying to get hash from os.urandom

 
 
Grzegorz Smith
Guest
Posts: n/a
 
      01-23-2006
Hi all
I'm writing small python module which will be a password generator. I read
that python can use system random generator on machine whit *nix os. So i
start using os.urandom and when i generate random string i get something
like this: urandom( ->
'\xec2a\xe2\xe2\xeb_\n',"\x9f\\]'\xad|\xe6\xeb",'\xb0\xf8\xd3\xa0>01\xaf'.
How can I convert this to hash? i change python defaultencoding from ascii
to utf-8 and try convert this to unicode object but I only get:
'\xb4\xa8b\xed\xb9Y-\xf3'
Any help i will appreciated. Does anyone use os.urandom to cryptography?
Gregor
 
Reply With Quote
 
 
 
 
Paul Rubin
Guest
Posts: n/a
 
      01-23-2006
Grzegorz Smith <(E-Mail Removed)> writes:
> '\xec2a\xe2\xe2\xeb_\n',"\x9f\\]'\xad|\xe6\xeb",'\xb0\xf8\xd3\xa0>01\xaf'.
> How can I convert this to hash? i change python defaultencoding from ascii
> to utf-8 and try convert this to unicode object but I only get:


Don't use totally arbitrary 8-bit characters in passwords. If you
just want (say) random lowercase letters, do something like (untested):

import string,os
random_letter = string.lowercase[ord(os.urandom(1)) % 26]

for as many letters as you want in the word.

Note that the letters won't be perfectly equally probable because the
character codes are 0..255 and you get some of the residues mod 26
slightly more often than others. Obviously you can avoid that
nonuniformity in various ways, but the effect on the password entropy
is minimal even if you do nothing.

IMO it's better to use words than strings of letters. Try something
like (untested):

import binascii,os
short_words = [w.strip() for w in file('/usr/dict/words') if len(w) < 8]
assert len(short_words) > 5000
passphrase = []

for i in range(2): # we will generate a 2-word phrase
# generate a random 64 bit integer
a = int(binascii.hexlify(os.urandom(), 16)
passphrase.append(short_words[a % len(short_words)])
passphrase = ' '.join(passphrase)

If you want to use the phrase as a cryptography key, use 6 or so words
instead of 2 words.

> Any help i will appreciated. Does anyone use os.urandom to cryptography?


Yes, all the time.
 
Reply With Quote
 
 
 
 
Robert Kern
Guest
Posts: n/a
 
      01-23-2006
Paul Rubin wrote:

> IMO it's better to use words than strings of letters. Try something
> like (untested):
>
> import binascii,os
> short_words = [w.strip() for w in file('/usr/dict/words') if len(w) < 8]
> assert len(short_words) > 5000
> passphrase = []
>
> for i in range(2): # we will generate a 2-word phrase
> # generate a random 64 bit integer
> a = int(binascii.hexlify(os.urandom(), 16)
> passphrase.append(short_words[a % len(short_words)])
> passphrase = ' '.join(passphrase)
>
> If you want to use the phrase as a cryptography key, use 6 or so words
> instead of 2 words.


Indeed. I like to generate {64,128}-bit-strong passphrases using the RFC1751
module provided with pycrypto.

--
Robert Kern
http://www.velocityreviews.com/forums/(E-Mail Removed)

"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hash of hash of hash of hash in c++ rp C++ 1 11-10-2011 04:45 PM
Hash#select returns an array but Hash#reject returns a hash... Srijayanth Sridhar Ruby 19 07-02-2008 12:49 PM
In 'HashMap.put', "if (e.hash == hash && eq(k, e.key))" ? Red Orchid Java 3 01-30-2006 07:04 PM
standard library for hash table storage and hash algorithm Pieter Claassen C Programming 1 08-04-2004 03:11 AM



Advertisments