But looks like "secrets"[1] has the strong random.choice provider among others.
Probably the (minimal, dirty) change needed (for python 3.6 and later) is:
import secrets as r
But I can't test that right now. Thanks for calling me out on this, and having me do a quick search to check my assumptions.
I do agree that for this particular case, the pseudo-random generator seeded by system time might be enough (or at least better than "random" key presses) - but I don't like spreading bad patterns. And for any code generating many passwords, with the opportunity for an attacker to get a sample - this is likely very bad.
[ed: hm, no - not yet. I remembered discussions like this:
https://lwn.net/Articles/657269/
But looks like "secrets"[1] has the strong random.choice provider among others.
Probably the (minimal, dirty) change needed (for python 3.6 and later) is:
But I can't test that right now. Thanks for calling me out on this, and having me do a quick search to check my assumptions.I do agree that for this particular case, the pseudo-random generator seeded by system time might be enough (or at least better than "random" key presses) - but I don't like spreading bad patterns. And for any code generating many passwords, with the opportunity for an attacker to get a sample - this is likely very bad.
[1] https://docs.python.org/dev/library/secrets.html ]