春江暮客

春江暮客's personal learning and sharing site

Generating strong random passwords in Python

2018-12-18 Miscellany

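For security reasons, it is advisable to use a different strong password on each website. The problem is that coming up by hand with a password that is long enough and uses enough character types is tedious every time, so a small tool that generates one automatically is much more convenient.

There is one key point, though: if the password is really going to be used in a security context, it should come from a random source suited to password generation, not an ordinary pseudo-random function.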

random

The Python code is as follows

import secrets
import string

def get_strong_pass(length=16):
    alphabet = string.ascii_letters + string.digits + "_#-"
    return "".join(secrets.choice(alphabet) for _ in range(length))

print(get_strong_pass())

Compared with random.choice(), secrets.choice() here is better suited to generating security-related strings such as passwords and tokens.
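The difference between the two random sources, as an added example that is not part of the original post: a generator built on random repeats its output for a repeated seed, while the secrets version does not, and here it also guarantees one character from each class. The names weak_password, strong_password and has_all_classes and the seed value are assumptions made for illustration.

```python
import random
import secrets
import string

SPECIALS = "_#-"  # same special characters as the page's alphabet
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
ALPHABET = "".join(CLASSES)


def weak_password(seed, length=16):
    """Anti-pattern: Mersenne Twister output is fully determined by its seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=16):
    """CSPRNG-backed password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    # One guaranteed character per class, the rest from the full alphabet
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # SystemRandom draws from os.urandom, so the shuffle is not predictable either
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def has_all_classes(password):
    """True if the password contains a character from every class."""
    return all(any(c in cls for c in password) for cls in CLASSES)


if __name__ == "__main__":
    # Constructed seed: the same seed always regenerates the same password
    print(weak_password(20181218), weak_password(20181218))
    print(strong_password())
```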

Next, just call the function from Django. I also give a browser-side JavaScript version here, though again a more reliable random source is recommended.

JavaScript code


<script>
function createPassword(min,max) {
        //Arrays of characters the random password can be built from
        var num = ["0","1","2","3","4","5","6","7","8","9"];
        var english = ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"];
        var ENGLISH = ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z"];
        var special = ["-","_","#"];
        var config = num.concat(english).concat(ENGLISH).concat(special);

        //First add one character from each required class
        var arr = [];
        arr.push(getOne(num));
        arr.push(getOne(english));
        arr.push(getOne(ENGLISH));
        arr.push(getOne(special));

        //Pick the length to generate
        var len = min + getSecureInt(max-min+1);

        for(var i=4; i<len; i++){
            //Draw one character from the full set
            arr.push(config[getSecureInt(config.length)]);
        }

        //Shuffle
        var newArr = [];
        for(var j=0; j<len; j++){
            var randomIndex = getSecureInt(arr.length);
            newArr.push(arr.splice(randomIndex,1)[0]);
        }

        //Draw one random value from an array
        function getOne(arr) {
            return arr[getSecureInt(arr.length)];
        }

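        function getSecureInt(max) {
            //Rejection sampling: discard values that would bias the modulo
            var randomArray = new Uint32Array(1);
            var limit = Math.floor(0x100000000 / max) * max;
            do {
                window.crypto.getRandomValues(randomArray);
            } while (randomArray[0] >= limit);
            return randomArray[0] % max;
        }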

        return newArr.join("");
    }
document.write(createPassword(15,15));
</script>

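The strong password is here

If this is only to demonstrate the effect on a page, it is good enough; for long-term use, it is still better to generate the password locally and copy it, or to leave it to a mature password manager to store everything in one place.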
