Skip to content

C
cpython
Kaydet (Commit) 4ad46542 authored tarafından Steven D'Aprano's avatar Steven D'Aprano
Dosyalara gözat
Seçenekler

Shorten secrets module docstring, add function docstrings.

üst 151f5d59
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 76 deletions
Lib/secrets.py
Dosyayı görüntüle @ 4ad46542
"""Generate cryptographically strong pseudo-random numbers suitable for """Generate cryptographically strong pseudo-random numbers suitable for
managing secrets such as account authentication, tokens, and similar. managing secrets such as account authentication, tokens, and similar.
See PEP 506 for more information.
See PEP 506 for more information.
https://www.python.org/dev/peps/pep-0506/ https://www.python.org/dev/peps/pep-0506/
Random numbers
==============
The ``secrets`` module provides the following pseudo-random functions, based
on SystemRandom, which in turn uses the most secure source of randomness your
operating system provides.
choice(sequence)
Choose a random element from a non-empty sequence.
randbelow(n)
Return a random int in the range [0, n).
randbits(k)
Generates an int with k random bits.
SystemRandom
Class for generating random numbers using sources provided by
the operating system. See the ``random`` module for documentation.
Token functions
===============
The ``secrets`` module provides a number of functions for generating secure
tokens, suitable for applications such as password resets, hard-to-guess
URLs, and similar. All the ``token_*`` functions take an optional single
argument specifying the number of bytes of randomness to use. If that is
not given, or is ``None``, a reasonable default is used. That default is
subject to change at any time, including during maintenance releases.
token_bytes(nbytes=None)
Return a random byte-string containing ``nbytes`` number of bytes.
>>> secrets.token_bytes(16) #doctest:+SKIP
b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'
token_hex(nbytes=None)
Return a random text-string, in hexadecimal. The string has ``nbytes``
random bytes, each byte converted to two hex digits.
>>> secrets.token_hex(16) #doctest:+SKIP
'f9bf78b9a18ce6d46a0cd2b0b86df9da'
token_urlsafe(nbytes=None)
Return a random URL-safe text-string, containing ``nbytes`` random
bytes. On average, each byte results in approximately 1.3 characters
in the final result.
>>> secrets.token_urlsafe(16) #doctest:+SKIP
'Drmhze6EPcv0fN_81Bj-nA'
(The examples above assume Python 3. In Python 2, byte-strings will display
using regular quotes ``''`` with no prefix, and text-strings will have a
``u`` prefix.)
Other functions
===============
compare_digest(a, b)
Return True if strings a and b are equal, otherwise False.
Performs the equality comparison in such a way as to reduce the
risk of timing attacks.
See http://codahale.com/a-lesson-in-timing-attacks/ for a
discussion on how timing attacks against ``==`` can reveal
secrets from your application.
""" """
__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom', __all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',
...@@ -100,18 +25,47 @@ randbits = _sysrand.getrandbits ...@@ -100,18 +25,47 @@ randbits = _sysrand.getrandbits
choice = _sysrand.choice choice = _sysrand.choice
def randbelow(exclusive_upper_bound): def randbelow(exclusive_upper_bound):
"""Return a random int in the range [0, n)."""
return _sysrand._randbelow(exclusive_upper_bound) return _sysrand._randbelow(exclusive_upper_bound)
DEFAULT_ENTROPY = 32 # number of bytes to return by default DEFAULT_ENTROPY = 32 # number of bytes to return by default
def token_bytes(nbytes=None): def token_bytes(nbytes=None):
"""Return a random byte string containing *nbytes* bytes.
If *nbytes* is ``None`` or not supplied, a reasonable
default is used.
>>> token_bytes(16) #doctest:+SKIP
b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'
"""
if nbytes is None: if nbytes is None:
nbytes = DEFAULT_ENTROPY nbytes = DEFAULT_ENTROPY
return os.urandom(nbytes) return os.urandom(nbytes)
def token_hex(nbytes=None): def token_hex(nbytes=None):
"""Return a random text string, in hexadecimal.
The string has *nbytes* random bytes, each byte converted to two
hex digits. If *nbytes* is ``None`` or not supplied, a reasonable
default is used.
>>> token_hex(16) #doctest:+SKIP
'f9bf78b9a18ce6d46a0cd2b0b86df9da'
"""
return binascii.hexlify(token_bytes(nbytes)).decode('ascii') return binascii.hexlify(token_bytes(nbytes)).decode('ascii')
def token_urlsafe(nbytes=None): def token_urlsafe(nbytes=None):
"""Return a random URL-safe text string, in Base64 encoding.
The string has *nbytes* random bytes. If *nbytes* is ``None``
or not supplied, a reasonable default is used.
>>> token_urlsafe(16) #doctest:+SKIP
'Drmhze6EPcv0fN_81Bj-nA'
"""
tok = token_bytes(nbytes) tok = token_bytes(nbytes)
return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii') return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment