What Is a Token in Python
In this piece, you’ll learn the proper ways to generate strong random passwords and tokens that are cryptographically secure. Secure random numbers let us manage sensitive information such as passwords and security tokens. We will be using the secrets module, available since Python 3.6. The official documentation states:
“… secrets should be used in preference to the default pseudo-random number generator in the random module, which is designed for modelling and simulation, not security or cryptography.”
There are three sections in this article:
1. Basic Usage
2. Examples
3. Conclusion

Let’s get started.
The secrets module provides a few built-in functions that we can use to generate numbers and tokens. No setup is required but we need to import the module before we use it.

    import secrets

Use the randbelow function to generate a number. It accepts an integer, and the number generated is between 0 and the input integer minus 1. The input integer must be higher than 0.

    secrets.randbelow(2)    # generate either 0 or 1
    secrets.randbelow(10)   # generate a number from 0 to 9
    secrets.randbelow(0)    # error: raises ValueError
    secrets.randbelow(-10)  # error: raises ValueError

You can also use the randbits function to generate a random number. It accepts an integer which represents the number of bits. The input integer must be higher than 0.

    secrets.randbits(1)  # generate either 0 or 1
    secrets.randbits(2)  # generate a number from 0 to 3
    secrets.randbits(4)  # generate a number from 0 to 15
    secrets.randbits(8)  # generate a number from 0 to 255

The module also provides a way for us to choose a random element from a non-empty sequence. Let’s try it out using the choice function:

    colour = ['red', 'blue', 'green', 'purple', 'yellow']
    secrets.choice(colour)

The token_bytes function is the perfect choice for generating bytes. You can specify an integer as a parameter to set the number of bytes. If you don’t specify anything, the function picks a default length for you.

    secrets.token_bytes(8)  # generate a byte string of 8 random bytes

You should see a random byte string like this:

    b'\x1bq\x8e\x83\x08\xb2g\x17'

If you want a string in hexadecimal, you can use the token_hex function. Just like the token_bytes function, it accepts an integer n and generates n random bytes; each byte is then converted to two hex digits.

    secrets.token_hex(16)  # generate 16 random bytes as a 32-character hex string

This is an example of the output:

    cd7b7fb7e0c5c1fa17389050f884526e

Sometimes, you might want a string that is Base64 encoded for your web application. The token_urlsafe function comes in handy for such a use case.

    secrets.token_urlsafe(16)

I got the following result:

    S357dE8QSuE

In this section, I will outline some of the best practices for generating a secure password and token. Feel free to test them on your own.
- ascii_letters: contains both the lowercase and uppercase letters from A-Z
- islower: determines if the character is lowercase
- isupper: determines if the character is uppercase
- isdigit: determines if the character is a digit
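The helpers listed above combine with secrets.choice into a policy-checked password generator. This is an added example, not code from the original article; the names generate_password, meets_policy and reset_url, and the example.com address, are hypothetical.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 possible symbols


def meets_policy(candidate, min_lower=1, min_upper=1, min_digits=1):
    """Return True if candidate has the required count of each character class."""
    return (sum(c.islower() for c in candidate) >= min_lower
            and sum(c.isupper() for c in candidate) >= min_upper
            and sum(c.isdigit() for c in candidate) >= min_digits)


def generate_password(length=12, min_lower=1, min_upper=1, min_digits=1):
    """Draw every character uniformly with secrets.choice and redraw the whole
    candidate until the policy holds (rejection sampling). No position is
    forced to a fixed class, so the result stays unpredictable."""
    if min(min_lower, min_upper, min_digits) < 0:
        raise ValueError("minimum counts must not be negative")
    if length < min_lower + min_upper + min_digits:
        raise ValueError("length is too short to satisfy the policy")
    # Note: a policy that leaves almost no free positions makes this loop slow.
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, min_lower, min_upper, min_digits):
            return candidate


def reset_url(base="https://example.com/reset", nbytes=32):
    """Build a password-reset link carrying an unguessable URL-safe token.
    The base address is a placeholder."""
    return f"{base}?token={secrets.token_urlsafe(nbytes)}"


if __name__ == "__main__":
    print(generate_password(12))                # letters and digits, one of each class
    print(generate_password(16, min_digits=3))  # at least three digits
    print(reset_url())
```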
Let’s recap what we’ve learned today. We started off exploring the basic functions provided by the secrets module.
Then, we tested the functions to generate some random passwords and tokens as strings or bytes.
Finally, we tried to play with the module and generated a few different types of password that are strong and secure.
Please be reminded that you should not store your passwords in plain text or in any encrypted file that is easily recoverable. They should be salted and hashed using an irreversible, one-way hash function.
Thanks for reading and hope you enjoyed this tutorial. See you again in the next article.
Translated from: https://medium.com/better-programming/best-practices-for-generating-secure-passwords-and-tokens-in-python-ebb91d459267