Lab 14: Security Hardening

pip install cryptography

import secrets
import string

# Never use random module for security-sensitive values!
# import random  # WRONG for secrets

# Token generation
print("=== Secure Token Generation ===")
print(f"token_bytes(16): {secrets.token_bytes(16).hex()}")
print(f"token_hex(16):   {secrets.token_hex(16)}")      # 32 hex chars
print(f"token_urlsafe(16): {secrets.token_urlsafe(16)}")  # URL-safe base64

# API key generation
def generate_api_key(prefix: str = "sk") -> str:
    """Generate a Stripe-style API key."""
    token = secrets.token_urlsafe(32)
    return f"{prefix}_{token}"

print(f"\nAPI key: {generate_api_key('sk')}")
print(f"API key: {generate_api_key('pk')}")

# Secure random password
def generate_password(length: int = 16) -> str:
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        pwd = ''.join(secrets.choice(alphabet) for _ in range(length))
        # Ensure complexity requirements
        has_upper = any(c.isupper() for c in pwd)
        has_digit = any(c.isdigit() for c in pwd)
        has_special = any(c in "!@#$%^&*" for c in pwd)
        if has_upper and has_digit and has_special:
            return pwd

print(f"Password: {generate_password(20)}")

# Secure comparison token (for URL-safe tokens)
def generate_csrf_token() -> str:
    return secrets.token_urlsafe(32)

token = generate_csrf_token()
print(f"CSRF token (length={len(token)}): {token[:20]}...")