Diffstat (limited to 'docs/random-numbers.rst')
-rw-r--r-- | docs/random-numbers.rst | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/random-numbers.rst b/docs/random-numbers.rst new file mode 100644 index 00000000..c8f95fd8 --- /dev/null +++ b/docs/random-numbers.rst @@ -0,0 +1,20 @@ +Random number generation +======================== + +When generating random data for use in cryptographic operations, such as an +initialization vector for encryption in +:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` mode, you do not +want to use the standard :mod:`random` module APIs. This is because they do not +provide a cryptographically secure random number generator, which can result in +major security issues depending on the algorithms in use. + +Therefore, it is our recommendation to always use your operating system's +provided random number generator, which is available as ``os.urandom()``. For +example, if you need 16 bytes of random data for an initialization vector, you +can obtain them with: + +.. doctest:: + + >>> import os + >>> os.urandom(16) + '...' |
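Review bot: The doctest at the end of the new file expects '...' as the output of os.urandom(16), which can only match a Python 2 str repr, and only if the doctest ELLIPSIS option is enabled for the docs build; on Python 3 the call returns bytes, whose repr starts with b, so the example would fail there. Assigning the result instead of displaying it (for instance ">>> iv = os.urandom(16)") removes the dependency on the repr and also reads more like real usage. Separately, "the standard :mod:`random` module APIs" in the first paragraph is broader than the text means, since random.SystemRandom lives in that module and is itself backed by os.urandom(); saying that the module's default generator functions are not cryptographically secure would be more precise.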