diff --git a/exercises/diffie-hellman/.meta/hints.md b/exercises/diffie-hellman/.meta/hints.md new file mode 100644 index 0000000000..c3f8575374 --- /dev/null +++ b/exercises/diffie-hellman/.meta/hints.md @@ -0,0 +1,16 @@ +## Should I use random or secrets? + +Python, as of version 3.6, includes two different random modules. + +The module called `random` is pseudo-random, meaning it does not generate +true randomness, but follows an algorithm that simulates randomness. +Since random numbers are generated through a known algorithm, they are not truly random. + +The `random` module is not correctly suited for cryptography and should not be used, +precisely because it is pseudo-random. + +For this reason, in version 3.6, Python introduced the `secrets` module, which generates +cryptographically strong random numbers that provide the greater security required for cryptography. + +Since this is only an exercise, `random` is fine to use, but note that **it would be +very insecure if actually used for cryptography.** diff --git a/exercises/diffie-hellman/README.md b/exercises/diffie-hellman/README.md index 0a793540a7..d4a5f867a0 100644 --- a/exercises/diffie-hellman/README.md +++ b/exercises/diffie-hellman/README.md @@ -37,9 +37,22 @@ Bob calculates The calculations produce the same result! Alice and Bob now share secret s. -## Notes +## Should I use random or secrets? -Python, as of version 3.6, includes two different random modules. The module called `random` is pseudo-random, meaning it does not generate true randomness, but follows and algorithm that simulates randomness. Since random numbers are generated through a known algorithm, they are not truly random. The `random` module is not correctly suited for cryptography and should not be used, because it is pseudo-random. In version 3.6, Python introduced the `secrets` module, which generates cryptographically strong random numbers that provide the greater security required for cryptography. Since this is only an exercise, `random` is fine to use, but note that it would be very insecure if actually used for cryptography. +Python, as of version 3.6, includes two different random modules. + +The module called `random` is pseudo-random, meaning it does not generate +true randomness, but follows an algorithm that simulates randomness. +Since random numbers are generated through a known algorithm, they are not truly random. + +The `random` module is not correctly suited for cryptography and should not be used, +precisely because it is pseudo-random. + +For this reason, in version 3.6, Python introduced the `secrets` module, which generates +cryptographically strong random numbers that provide the greater security required for cryptography. + +Since this is only an exercise, `random` is fine to use, but note that **it would be +very insecure if actually used for cryptography.** ### Submitting Exercises diff --git a/exercises/simple-cipher/.meta/hints.md b/exercises/simple-cipher/.meta/hints.md new file mode 100644 index 0000000000..b2358ef5d3 --- /dev/null +++ b/exercises/simple-cipher/.meta/hints.md @@ -0,0 +1,16 @@ +## Should I use random or secrets? + +Python, as of version 3.6, includes two different random modules. + +The module called `random` is pseudo-random, meaning it does not generate +true randomness, but follows an algorithm that simulates randomness. +Since random numbers are generated through a known algorithm, they are not truly random. + +The `random` module is not correctly suited for cryptography and should not be used, +precisely because it is pseudo-random. + +For this reason, in version 3.6, Python introduced the `secrets` module, which generates +cryptographically strong random numbers that provide the greater security required for cryptography. + +Since this is only an exercise, `random` is fine to use, but note that **it would be +very insecure if actually used for cryptography.** diff --git a/exercises/simple-cipher/README.md b/exercises/simple-cipher/README.md index 83779a968d..d271150fa4 100644 --- a/exercises/simple-cipher/README.md +++ b/exercises/simple-cipher/README.md @@ -83,6 +83,23 @@ on Wikipedia][dh] for one of the first implementations of this scheme. [1]: https://upload.wikimedia.org/wikipedia/commons/thumb/4/4a/Caesar_cipher_left_shift_of_3.svg/320px-Caesar_cipher_left_shift_of_3.svg.png [dh]: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange +## Should I use random or secrets? + +Python, as of version 3.6, includes two different random modules. + +The module called `random` is pseudo-random, meaning it does not generate +true randomness, but follows an algorithm that simulates randomness. +Since random numbers are generated through a known algorithm, they are not truly random. + +The `random` module is not correctly suited for cryptography and should not be used, +precisely because it is pseudo-random. + +For this reason, in version 3.6, Python introduced the `secrets` module, which generates +cryptographically strong random numbers that provide the greater security required for cryptography. + +Since this is only an exercise, `random` is fine to use, but note that **it would be +very insecure if actually used for cryptography.** + ### Submitting Exercises Note that, when trying to submit an exercise, make sure the solution is in the `exercism/python/` directory.