CALL US

  +91 97199 65550

  +44 203 372 4609

  +1 408 454 6110

Get Free Quote
Font size: +
Print

Python 3.6 adds New secrets Module for Robust Account and Password Security

General
83813 Hits

python-ev.png

Python 3.6, the newest major release of the Python language, has added a new module, called secrets, to help generate cryptographically strong random numbers for managing secrets, like account authentication, tokens and related secrets. Python developers are highly likely to prefer secrets over the default pseudo-random number generator in the random module, since it’s not meant for cryptography or security, but modelling and simulation.

Let’s understand with an example how one can create their own cryptographically strong pseudo-random values and generate tokens using the secrets module.

How to create Cryptographically Strong Pseudo-Random Values using secrets

>>> import secrets
>>> import string
>>> characters = string.ascii_letters + string.digits
>>> secure_password = ''.join(secrets.choice(chNo Records.aracters) for i in range(10))
>>> secure_password
'SRvM54ZAs1'

The first step is to import the secrets and the string modules. Then we create a string of uppercase letters and integers. Now, in order to choose characters randomly to generate a secure password, we need to use the secrets module’s choice() method. The reason it’s being called a secure password is because there’s been a use of mixed case, numbers and symbols in the password, which is highly advised to people to keep their passwords protected from hack attacks.

How to Generate Tokens using secrets

There is not one but several methods to generate tokens using the secrets module. Below are mentioned some examples to ease your learning on token generation using secrets.

>>>: secrets.token_bytes()
b'\xd1Od\xe0\xe4\xf8Rn\xf4G\xdb\x08\xa8\x85\xeb\xba>\x8cO\xa7XV\x1cb\xd6\x11\xa0\xcaK'
>>> secrets.token_bytes(8)
b'\xfc,9y\xbe]\x0e\xfb'
>>> secrets.token_hex(16)
'6cf3baf51c12ebfcbe26d08b6bbe1ac0'
>>> secrets.token_urlsafe(16)
'5t_jLGlV8yp2Q5tolvBesQ'

The token_bytes function here allows to return a random byte string containing nbytes number of bytes. A reasonable default could also be put into use when nbytes is None or not supplied. In the first example, there is no mention of number of bytes, hence Python itself choose a reasonable number there. The token-bytes function was used again, but this time with 8 bytes. The next function used was token_hex, to return a random text string, in hexadecimal. The token_urlsafe function is the last one used there, meant to return a random URL-safe text string. Base64 encoding was also used for text.

Click here to unveil 7 Python libraries to use in 2017

How Many Bytes to Use for Tokens?

You should have sufficient randomness for your tokens to secure them against brute-force attacks. It’s advised that at least 32 bytes (256 bits) of randomness should be used to protect tokens from security breaches.

The Python developer community will see the secrets module as an important addition to Python 3.6. With secrets, Python 3.6 developers now have a reliable way to generate cryptographically strong tokens and passwords.

What’s your view on addition of secrets to Python 3.6? Would you like to give the secrets module a try for generating tokens and passwords? Please share your views in the comment box below.

Source 1: http://www.blog.pythonlibrary.org/

Source 2: https://docs.python.org 
Tweet
Why to Use HTML5 and CSS3 for Your Business?
Why Do Developers Now Compare Vue.js to JavaScript...

Comments

 
No comments yet
Already Registered? Login Here
Guest
Friday, 07 November 2025
If you'd like to register, please fill in the username, password and name fields.

SEARCH BLOG

CATEGORY

Miscellaneous
Software Development Outsourcing
Salesforce
Marketing
General
Consulting
Mobile Development
Java Web Development
iPhone Application Development
Agile Software Development
Android Development
Joomla Development
Wordpress Development
Company Achievements
PHP Development
HTML Development
Quality Assurance
CMS
Drupal Development
.net development
Magento Development
RoR Development
Windows Mobile Development
Flash/Flex Development
Cyber Security
Agentic AI

ARCHIVES

2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2013
2011
2010
development Salesforce offshore software development CRM business offshore software development company software outsourcing C++ application apps web java Cloud computing mobile app development Big Data Analytics web development mobile app development company J2ee custom app development cloud Big Data javascript website project management IT developers IT consulting and software development developer Evon Technologies Salesforce customization QA Offshore development India software development NodeJs Android development Web app development Salesforce Cloud Services Salesforce consulting Software development and testing testing Product Development Web 3.0 Automation Offshore development consultant programming digital marketing services Salesforce development language digital marketing services india iOS apps Progressive Web Apps data security offshore Social Media Marketing Salesforce Lightning risk management software development outsourcing Web application mobile Salesforce CRM Offshore software development services enterprise Salesforce Mobile Development Joomla developers QA and Testing business analysts MVP Development consulting Python Blockchain EmployeeEngagement Agile Development Salesforce cloud startups Agile product Development project management methodology DevOps data Business continuity WordPress GDPR PHP development task management Project Manager project time tracking MVP software Resource Management project management methodologies data protection Web designinng Big data and lead generation marketing automation DevOps services accessibility App Development Outsourcing business management Data security breach

Our Team

We are a group of technology experts committed to designing, developing and delivering solutions for our clients, since the year 2006. Our team of 425+ stays ahead of the ever-evolving technology landscape it works in. Thus, we keep honing and expanding our expertise in order to cater to both startups as well as established enterprises. Know more about us here.

Certifications

  •   CMMI - Level 3
  •   ISO 27001 : 2022
  •   ISO 9001 : 2015
  • aws partner icon AWS

Get in Touch

 +91 97199 65550

 +44 203 372 4609

 +1 408 454 6110

 (HR) +91 8266041801

teams icon evontech Start a quick MS Teams chat with our Sales desk

 This email address is being protected from spambots. You need JavaScript enabled to view it.

  A- 5, IT Park, Dehradun, Uttarakhand, India, PIN - 248001.

follow us on

Subscribe to our Newsletter

We are proud to allocate our CSR funds to support the PM's Citizen Assistance and Relief in Emergency Situations Fund for the FY 2022-23.

PMCares logo

Search

scroll up icon
×
We use cookies on our website to provide you with a more personalised digital experience and for analytics related to our website and other media. For more information, please review our Privacy Policy and Cookies Policy.
Accept