Implement exercise diffie-hellman #756
Conversation
|
Done! |
kusti8
changed the title
|
|
||
|
|
||
| def private_key(p): | ||
| return random.randint(2, p-1) |
There was a problem hiding this comment.
I think that this should use secrets rather than random, since the exercise is a cryptographic one. Perhaps we should also have a note in README.md that solutions should avoid using random since it's not cryptographically secure?
def private_key(p):
return 2 + secrets.randbelow(p-2)
There was a problem hiding this comment.
I did look at that, but according to the PEP it was introduced in version 3.6, so it isn't compatible with Python 2 or most Python 3 versions on stable distros. It seems that exercism wants cross compatibility which is why I chose to use the default random instead.
There was a problem hiding this comment.
Good points!
These are just training exercises, so random is good enough I think.
But it would be a really good idea to mention secrets in HINTS.md for such exercises.
@N-Parsons, could you please create an issue for it to not forget?
There was a problem hiding this comment.
I'll add a note to the readme about it and pseudo randomness.
There was a problem hiding this comment.
Sorry, @kusti8, I hadn't realised that secrets was only in Python 3.6.
@m-a-ge, I'll create an issue for it now :)
exercises/diffie-hellman/README.md
Outdated
|
|
||
| ## Notes | ||
|
|
||
| Python, as of version 3.6, includes two different random modules. The module called `random` is pseudo-random, meaning it does not generate true randomness, but follows and algorithm that simulates randomness. Since random numbers are generated through a known algorithm, they are not truly random. The `random` module is not correctly suited for crypotography and should not be used, because it is pseudo-random. In version 3.6, Python introduced the `secrets` module which is more cryptographically secure and produces more random numbers suited for cryptography. Since this is only an exercise, `random` is fine to use, but note that it would be very insecure if actually used for crypotgraphy. |
There was a problem hiding this comment.
@kusti8 Looks good. My only suggestion would be to reword the penultimate sentence to:
"In version 3.6, Python introduced the secrets module, which generates cryptographically strong random numbers that provide the greater security required for cryptography."
There was a problem hiding this comment.
There are also a typos in the middle and at the end:
"crypotography" --> "cryptography"
"crypotgraphy" --> "cryptography"
|
@N-Parsons thanks for the review @kusti8 thanks a lot for working on this! |
Fixes #747