suspicious-non-cryptographic-random-usage (S311)
Derived from the flake8-bandit linter.
What it does
Checks for uses of cryptographically weak pseudo-random number generators.
Why is this bad?
Cryptographically weak pseudo-random number generators are insecure because their output is easily predictable. An attacker who can guess the generated numbers can compromise the security of the system.
Instead, use a cryptographically secure pseudo-random number generator (such as the secrets module) when generating random numbers for security purposes.
Example
Use instead:
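As an added example (not the snippet from the original rule documentation), the flagged pattern is shown beside the secrets-based replacement the rule recommends; the password-reset-code scenario and the function names are constructed for illustration.

```python
import random
import secrets
from typing import Optional

# Six-digit numeric code, as sent in a password-reset message (constructed scenario).
CODE_SPACE = 10**6


def weak_reset_code(seed: Optional[int] = None) -> int:
    """The pattern S311 flags: random.Random is a Mersenne Twister (MT19937).
    Its output is fully determined by its seed and internal state, so it is
    predictable and must not be used to mint codes, tokens or keys."""
    rng = random.Random(seed)
    return rng.randrange(CODE_SPACE)


def secure_reset_code() -> int:
    """The replacement the rule recommends: secrets draws from os.urandom,
    the operating system's CSPRNG, and exposes no seed to reproduce from."""
    return secrets.randbelow(CODE_SPACE)


def secure_session_token(nbytes: int = 32) -> str:
    """For opaque tokens, secrets.token_urlsafe returns URL-safe base64 text
    carrying nbytes of entropy; 32 bytes (256 bits) is a common choice."""
    return secrets.token_urlsafe(nbytes)


def weak_code_is_reproducible(seed: int, rounds: int = 5) -> bool:
    """Why the weak generator is dangerous: two generators with the same seed
    emit the identical sequence, so the 'random' codes carry no secrecy."""
    a = random.Random(seed)
    b = random.Random(seed)
    return all(a.randrange(CODE_SPACE) == b.randrange(CODE_SPACE) for _ in range(rounds))


def format_code(code: int) -> str:
    """Zero-pad so codes below 100000 keep all six digits."""
    return f"{code:06d}"


def verify_code(expected: str, supplied: str) -> bool:
    """Compare in constant time; plain == stops at the first differing character."""
    return secrets.compare_digest(expected, supplied)


if __name__ == "__main__":
    print("weak generator reproducible with seed 1234:", weak_code_is_reproducible(1234))
    print("secure reset code:", format_code(secure_reset_code()))
```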