A more secure 'choice' for password generation.

aviau · May 9, 2019 · 4f694d1 · 4f694d1
1 parent aa74cec
commit 4f694d1
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/pypass/passwordstore.py b/pypass/passwordstore.py
@@ -20,11 +20,18 @@
 import os
 import subprocess
 import string
-import random
 import re
 
 from .entry_type import EntryType
 
+# Secure source of randomness for password generation
+try:
+    from secrets import choice
+except ImportError:
+    import random
+    _system_random = random.SystemRandom()
+    choice = _system_random.choice
+
 # Find the right gpg binary
 if subprocess.call(
         ['which', 'gpg2'],
@@ -188,7 +195,7 @@ def generate_password(digits=True, symbols=True, length=15):
         if digits:
             chars += string.digits
 
-        password = ''.join(random.choice(chars) for i in range(length))
+        password = ''.join(choice(chars) for i in range(length))
         return password
 
     @staticmethod