Hey all

I recently discovered a quite cute crypto module for Python. It is divided in two logical security layers. The first (Fernet) can be used by cryptology unaware programmers in a way that makes it unlikely to introduce any security flaws. The seconds layer (called Hazmat) allows access to all kinds of cryptographical primitives, such as HMACS and asymmetric encryption functions.

The Problem

Normally you don't want to use primitives, because it is tricky to do correct (event for advanced programmers). But unfortunately the secure and simple API functionality Fernet:

>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
'...'
>>> f.decrypt(token)
'my deep dark secret

suffers from the huge inconvenience that you need to store (or imagine:remember!) a 32 byte key in order to decrypt the tokens that Fernet outputs.
It would be much more convenient to just pass a password to Fernet which in turn makes a 32 byte, Base 64 encoded encryption token out of it. Of course your own
password is much less secure then 32 bytes from os.urandom(32), but at least it is somehow usable.

So I came up with …

If you are a programmer, you sometimes find yourself in the need for random numbers. There are many possible use cases:

• Generate data for unit-tests.
• Build secure passwords or keys as input for ciphers like AES, Twofish and its colleagues.
• Simulating the real world for modelling applications.
• A prominent use case: Lot's of gambling sites depend on good random number generators.

Now if you code in PHP, there are quite some different ways to obtain random numbers. There is the rand ( int $min , int $max ) function for instance: It yields a random number within the range specified by the $min and $max parameters.

The documentation states that this approach isn't particularly secure and shouldn't be used for applications that need to feed algorithms with cryptographically secure random data. Then there's mt_rand ( int $min , int $max ) that apparently creates better random values. Certainly not suitable for crypto purposes as well.
There were/are quite some applications concerned with security bugs because of using rand() or mt_rand() for passwords, encryption keys, session cookies, CSRF tokens and the like. See also this link to a related discussion on security.stackexchange.com.

But because of convenience of the $min, $max interfaces of rand() and …