Automation-scripts
password_generator is using an insecure random instead of secrets.
Python random uses a simple pseudo-random generator which by default uses a seed based on time and is not recommended to be used in any security-related key generation. A person who has knowledge of the exact timing, or has a good guess about a small time range when the program started, can always guess the seeds with high probability and regenerate the same passwords.
Expected behavior: A password generator should use a more resilient secret generator which isn't easy to guess by external processes on the same machine. Probably the easy fix would be to use the Python secrets module instead of random and update the shuffle to use a Fisher–Yates shuffle based on secrets.choice.
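The fix proposed in the issue, sketched as an added example (not the repository's code and not the eventual pull request): `weak_password` is a constructed stand-in for a `random`-based generator whose seed is known, while `secure_password`, `secure_shuffle` and the four-class character policy are assumed names and choices. The Fisher–Yates indices come from `secrets.randbelow`, which draws from the same OS CSPRNG as `secrets.choice`.

```python
import random
import secrets
import string

ALPHABET_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def weak_password(seed, length=16):
    """Stand-in for the reported pattern: every choice comes from `random`.

    The Mersenne Twister is deterministic, so the same seed always yields
    the same password.
    """
    rng = random.Random(seed)
    chars = [rng.choice(cls) for cls in ALPHABET_CLASSES]
    pool = "".join(ALPHABET_CLASSES)
    chars += [rng.choice(pool) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


def secure_shuffle(items):
    """In-place Fisher-Yates shuffle with indices drawn from the OS CSPRNG."""
    for i in range(len(items) - 1, 0, -1):
        j = secrets.randbelow(i + 1)  # uniform in [0, i]
        items[i], items[j] = items[j], items[i]


def secure_password(length=16):
    """Same layout as above, but every draw uses the `secrets` module."""
    if length < len(ALPHABET_CLASSES):
        raise ValueError("length too short to include every character class")
    chars = [secrets.choice(cls) for cls in ALPHABET_CLASSES]
    pool = "".join(ALPHABET_CLASSES)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secure_shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed seed value, used only to show reproducibility.
    print(weak_password(1700000000) == weak_password(1700000000))  # True
    print(secure_password(20))
```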
Hello, I see that this issue is still open and I am unsure whether or not the issue has been worked out. If not, I would love to participate and see what I can do to make this more secure.
Hello again, haven't heard anything in a while and wanted to check up. I don't mean to pester anyone, I was just wanting to see if this was available.
@Blandes22 Yup, make the required changes
It should be good to go now. Please let me know if there is anything else that I have missed. I did not mark all the checks, but I do believe some were unnecessary to this pull request.