gratz

Reputation: 1616

How to ensure RNG entropy pool is "secure and full" for generating passwords with passlib?

When looking at using Python's passlib module, the documentation[1] comes with a warning for generating passwords, which reads:

Warning: Before using these routines, make sure your system’s RNG entropy pool is secure and full. Also make sure that genword() or genphrase() is called with a sufficiently high entropy parameter the intended purpose of the password.

However, it makes no mention of how this is achieved. In practice, my understanding is that the entropy pool would fill gradually, usually through keyboard/mouse input, but how is this achieved for a headless server, for example, and how do you ensure it is secure/full before you call the genword/genphrase functions?

[1] https://passlib.readthedocs.io/en/stable/lib/passlib.pwd.html

Upvotes: 1

Views: 234

Answers (1)

Ideaphore

Reputation: 26

On Linux: cat /proc/sys/kernel/random/entropy_avail

$ cat /proc/sys/kernel/random/entropy_avail

3590

The upper limit is 4096; anything close to this is OK.

Below 200 is not good.

See: https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/

Upvotes: 1
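
The check from the answer, wired in front of password generation, as an added example that is not part of the original answer or of passlib. It reads entropy_avail, also asks the kernel through os.getrandom() with GRND_NONBLOCK whether its CSPRNG has been seeded, and refuses to generate otherwise. The function names and entropy=72 are illustrative assumptions; the 200-bit floor is the figure given in the answer.

```python
import os

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # path from the answer
MIN_BITS = 200  # floor taken from the answer ("below 200 is not good")


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate in bits, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def csprng_initialized():
    """True/False if the kernel reports its CSPRNG seeded/unseeded, else None."""
    if not hasattr(os, "getrandom"):  # not Linux, or Python older than 3.6
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # raises instead of blocking if unseeded
        return True
    except BlockingIOError:
        return False
    except OSError:  # e.g. syscall not available on this kernel
        return None


def rng_ready(path=ENTROPY_AVAIL, min_bits=MIN_BITS):
    """Fail closed: ready only when the estimate is readable and above the floor."""
    bits = read_entropy_avail(path)
    if bits is None or bits < min_bits:
        return False
    return csprng_initialized() is not False


def generate_password(entropy=72, path=ENTROPY_AVAIL):
    """Generate with passlib only after the checks pass (entropy=72 is illustrative)."""
    if not rng_ready(path):
        raise RuntimeError("RNG not ready: entropy estimate low or CSPRNG unseeded")
    from passlib import pwd  # lazy import; requires passlib to be installed
    return pwd.genword(entropy=entropy)


if __name__ == "__main__":
    print("entropy_avail:", read_entropy_avail())
    print("CSPRNG initialized:", csprng_initialized())
    print("ready:", rng_ready())
```

On a headless server this can run as a startup or pre-provisioning check, so that a freshly booted machine with an unseeded pool fails loudly instead of producing passwords.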
