diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-02-06 09:47:07 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-02-06 09:47:07 -0800 |
| commit | 2a70f916309fb4c2dd93b7a71a8e7670cf526ee8 (patch) | |
| tree | 9372badaa1e8bf9006a785488e6928db17947f21 /docs/random-numbers.rst | |
| parent | 09fd41dd385797faa967601a95d79e1d4e126e0d (diff) | |
| download | cryptography-2a70f916309fb4c2dd93b7a71a8e7670cf526ee8.tar.gz cryptography-2a70f916309fb4c2dd93b7a71a8e7670cf526ee8.tar.bz2 cryptography-2a70f916309fb4c2dd93b7a71a8e7670cf526ee8.zip | |
Fixed #568 -- Document that users should use urandom for all their random numbers
Diffstat (limited to 'docs/random-numbers.rst')
| -rw-r--r-- | docs/random-numbers.rst | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/random-numbers.rst b/docs/random-numbers.rst new file mode 100644 index 00000000..aa89c8e4 --- /dev/null +++ b/docs/random-numbers.rst @@ -0,0 +1,20 @@ +Random number generation +======================== + +When generating random data for use in cryptographic operations, such as an +initialization vector for encryption in +:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not +want to use the standard :mod:`random` module APIs. This is because they do not +provide a cryptographically secure random number generator, resulting in +various security issues in different algorithms. + +Therefore, it is our recommendation to always use your operating system's +provided random number generator, which is available as ``os.urandom()``. For +example, if you need 16 bytes of random data for an initialization vector, you +can obtain them with: + +.. doctest:: + + >>> import os + >>> os.urandom(16) + '...' |