<ruby id="bdb3f"></ruby>

    <p id="bdb3f"><cite id="bdb3f"></cite></p>

      <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
        <p id="bdb3f"><cite id="bdb3f"></cite></p>

          <pre id="bdb3f"></pre>
          <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

          <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
          <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

          <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                <ruby id="bdb3f"></ruby>

                合規國際互聯網加速 OSASE為企業客戶提供高速穩定SD-WAN國際加速解決方案。 廣告
                ### 導航 - [索引](../genindex.xhtml "總目錄") - [模塊](../py-modindex.xhtml "Python 模塊索引") | - [下一頁](allos.xhtml "通用操作系統服務") | - [上一頁](hmac.xhtml "hmac --- 基于密鑰的消息驗證") | - ![](https://box.kancloud.cn/a721fc7ec672275e257bbbfde49a4d4e_16x16.png) - [Python](https://www.python.org/) ? - zh\_CN 3.7.3 [文檔](../index.xhtml) ? - [Python 標準庫](index.xhtml) ? - [加密服務](crypto.xhtml) ? - $('.inline-search').show(0); | # [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") --- Generate secure random numbers for managing secrets 3\.6 新版功能. **Source code:** [Lib/secrets.py](https://github.com/python/cpython/tree/3.7/Lib/secrets.py) \[https://github.com/python/cpython/tree/3.7/Lib/secrets.py\] - - - - - - The [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") module is used for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets. In particularly, [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") should be used in preference to the default pseudo-random number generator in the [`random`](random.xhtml#module-random "random: Generate pseudo-random numbers with various common distributions.") module, which is designed for modelling and simulation, not security or cryptography. 參見 [**PEP 506**](https://www.python.org/dev/peps/pep-0506) \[https://www.python.org/dev/peps/pep-0506\] ## Random numbers The [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") module provides access to the most secure source of randomness that your operating system provides. *class* `secrets.``SystemRandom`A class for generating random numbers using the highest-quality sources provided by the operating system. See [`random.SystemRandom`](random.xhtml#random.SystemRandom "random.SystemRandom") for additional details. `secrets.``choice`(*sequence*)Return a randomly-chosen element from a non-empty sequence. `secrets.``randbelow`(*n*)Return a random int in the range \[0, *n*). `secrets.``randbits`(*k*)Return an int with *k* random bits. ## Generating tokens The [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") module provides functions for generating secure tokens, suitable for applications such as password resets, hard-to-guess URLs, and similar. `secrets.``token_bytes`(\[*nbytes=None*\])Return a random byte string containing *nbytes* number of bytes. If *nbytes* is `None` or not supplied, a reasonable default is used. ``` >>> token_bytes(16) b'\xebr\x17D*t\xae\xd4\xe3S\xb6\xe2\xebP1\x8b' ``` `secrets.``token_hex`(\[*nbytes=None*\])Return a random text string, in hexadecimal. The string has *nbytes*random bytes, each byte converted to two hex digits. If *nbytes* is `None` or not supplied, a reasonable default is used. ``` >>> token_hex(16) 'f9bf78b9a18ce6d46a0cd2b0b86df9da' ``` `secrets.``token_urlsafe`(\[*nbytes=None*\])Return a random URL-safe text string, containing *nbytes* random bytes. The text is Base64 encoded, so on average each byte results in approximately 1.3 characters. If *nbytes* is `None` or not supplied, a reasonable default is used. ``` >>> token_urlsafe(16) 'Drmhze6EPcv0fN_81Bj-nA' ``` ### How many bytes should tokens use? To be secure against [brute-force attacks](https://en.wikipedia.org/wiki/Brute-force_attack) \[https://en.wikipedia.org/wiki/Brute-force\_attack\], tokens need to have sufficient randomness. Unfortunately, what is considered sufficient will necessarily increase as computers get more powerful and able to make more guesses in a shorter period. As of 2015, it is believed that 32 bytes (256 bits) of randomness is sufficient for the typical use-case expected for the [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.") module. For those who want to manage their own token length, you can explicitly specify how much randomness is used for tokens by giving an [`int`](functions.xhtml#int "int")argument to the various `token_*` functions. That argument is taken as the number of bytes of randomness to use. Otherwise, if no argument is provided, or if the argument is `None`, the `token_*` functions will use a reasonable default instead. 注解 That default is subject to change at any time, including during maintenance releases. ## 其他功能 `secrets.``compare_digest`(*a*, *b*)Return `True` if strings *a* and *b* are equal, otherwise `False`, in such a way as to reduce the risk of [timing attacks](https://codahale.com/a-lesson-in-timing-attacks/) \[https://codahale.com/a-lesson-in-timing-attacks/\]. See [`hmac.compare_digest()`](hmac.xhtml#hmac.compare_digest "hmac.compare_digest") for additional details. ## Recipes and best practices This section shows recipes and best practices for using [`secrets`](#module-secrets "secrets: Generate secure random numbers for managing secrets.")to manage a basic level of security. Generate an eight-character alphanumeric password: ``` import string alphabet = string.ascii_letters + string.digits password = ''.join(choice(alphabet) for i in range(8)) ``` 注解 Applications should not [store passwords in a recoverable format](http://cwe.mitre.org/data/definitions/257.html) \[http://cwe.mitre.org/data/definitions/257.html\], whether plain text or encrypted. They should be salted and hashed using a cryptographically-strong one-way (irreversible) hash function. Generate a ten-character alphanumeric password with at least one lowercase character, at least one uppercase character, and at least three digits: ``` import string alphabet = string.ascii_letters + string.digits while True: password = ''.join(choice(alphabet) for i in range(10)) if (any(c.islower() for c in password) and any(c.isupper() for c in password) and sum(c.isdigit() for c in password) >= 3): break ``` Generate an [XKCD-style passphrase](https://xkcd.com/936/) \[https://xkcd.com/936/\]: ``` # On standard Linux systems, use a convenient dictionary file. # Other platforms may need to provide their own word-list. with open('/usr/share/dict/words') as f: words = [word.strip() for word in f] password = ' '.join(choice(words) for i in range(4)) ``` Generate a hard-to-guess temporary URL containing a security token suitable for password recovery applications: ``` url = 'https://mydomain.com/reset=' + token_urlsafe() ``` ### 導航 - [索引](../genindex.xhtml "總目錄") - [模塊](../py-modindex.xhtml "Python 模塊索引") | - [下一頁](allos.xhtml "通用操作系統服務") | - [上一頁](hmac.xhtml "hmac --- 基于密鑰的消息驗證") | - ![](https://box.kancloud.cn/a721fc7ec672275e257bbbfde49a4d4e_16x16.png) - [Python](https://www.python.org/) ? - zh\_CN 3.7.3 [文檔](../index.xhtml) ? - [Python 標準庫](index.xhtml) ? - [加密服務](crypto.xhtml) ? - $('.inline-search').show(0); | ? [版權所有](../copyright.xhtml) 2001-2019, Python Software Foundation. Python 軟件基金會是一個非盈利組織。 [請捐助。](https://www.python.org/psf/donations/) 最后更新于 5月 21, 2019. [發現了問題](../bugs.xhtml)? 使用[Sphinx](http://sphinx.pocoo.org/)1.8.4 創建。
                  <ruby id="bdb3f"></ruby>

                  <p id="bdb3f"><cite id="bdb3f"></cite></p>

                    <p id="bdb3f"><cite id="bdb3f"><th id="bdb3f"></th></cite></p><p id="bdb3f"></p>
                      <p id="bdb3f"><cite id="bdb3f"></cite></p>

                        <pre id="bdb3f"></pre>
                        <pre id="bdb3f"><del id="bdb3f"><thead id="bdb3f"></thead></del></pre>

                        <ruby id="bdb3f"><mark id="bdb3f"></mark></ruby><ruby id="bdb3f"></ruby>
                        <pre id="bdb3f"><pre id="bdb3f"><mark id="bdb3f"></mark></pre></pre><output id="bdb3f"></output><p id="bdb3f"></p><p id="bdb3f"></p>

                        <pre id="bdb3f"><del id="bdb3f"><progress id="bdb3f"></progress></del></pre>

                              <ruby id="bdb3f"></ruby>

                              哎呀哎呀视频在线观看