From a9c364e8ee4cf9550ac9dcfd04e41269058eb792 Mon Sep 17 00:00:00 2001 From: BartyBoi1128 <58297160+BartyBoi1128@users.noreply.github.com> Date: Mon, 23 Dec 2024 12:08:29 +0000 Subject: [PATCH] Update docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md Co-authored-by: Hubert Daniszewski <61824500+s19110@users.noreply.github.com> Signed-off-by: BartyBoi1128 <58297160+BartyBoi1128@users.noreply.github.com> --- docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md index e1301673..98e9615c 100644 --- a/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md +++ b/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-330/README.md 
@@ -10,7 +10,7 @@ Python's `random` module is a standard library module that provides functions to [[MATSUMOTO, NISHIMURA 1998](https://dl.acm.org/doi/pdf/10.1145/272991.272995)], which is a deterministic algorithm, that, given a particular input, will always produce the same output [[Wikipedia 2024](https://en.wikipedia.org/wiki/Deterministic_algorithm)]. An attacker knowing or guessing the seed value can predict the entire sequence of the pseudorandom numbers. This also means that if two `Random` class objects are created using an identical seed, they will generate the same sequence of numbers, regardless of the Python environment. -Therefore, the random module is unsuitable for applications requiring high security as it does not incorporate cryptographic randomness, which means it is not resistant to reverse engineering. Its limited entropy makes it easier for attackers to deduce the internal state of the generator and predict future outputs. +Therefore, the `random` module is unsuitable for applications requiring high security as it does not incorporate cryptographic randomness, which means it is not resistant to reverse engineering. Its limited entropy makes it easier for attackers to deduce the internal state of the generator and predict future outputs. Instead, for generating random numbers, it is recommended to use a more robust option, such as Python's `secrets` module.
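Review bot: In the changed `+` line, the backticks around `random` are a good fix, but the sentence still explains the weakness loosely: "not resistant to reverse engineering" and "limited entropy" do not connect to the preceding context, which gives the actual reason (a deterministic algorithm whose sequence follows entirely from the seed). Consider rewording so the line says the output is predictable because the generator's internal state can be deduced from the seed or from observed output, and drop "reverse engineering". The trailing context line recommends `secrets` "for generating random numbers" in general; since the `+` line scopes the concern to "applications requiring high security", that recommendation would read more accurately if it were scoped the same way, for example to tokens, passwords and other security-sensitive values.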