When I was rebuilding my website, I decided to finally implement a tool that I have been interested in for a long time. Secret keys are an important part of signing in Django, so generating them is important. And I know a lot of beginners who use web-based tools instead of the official tool to generate their keys. It’s concerning to me that a lot of these tools will not provide their source code unless you dig, and have never gone through any kind of validation on whether they are actually random or not.
So, I thought I would create my own. My Django secret key generator is now live, and the page contains both the Python code and my JavaScript implementation.
You’ll note it also includes a disclaimer that while this is fairly random, I would suggest using the built-in Django secret key generator in production. And since I don’t know how random ‘fairly random’ is or even how random the Django secret key generator is, I decided to do some analysis.
I started off generating and analyzing 10,000 secret keys with both my JavaScript method and the built-in Django method. At 10,000 my results were okay, though a little questionable. So I decided to dig deeper and try 50,000. My results were better, so, long story short, I’m currently downloading the CUDA toolkit so I can start analyzing a lot of keys. I will publish the results later on and update this plus my Django key generator. But for now, this should be good enough for dev use.
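
As an added illustration (not the code from this post or from the generator page), here is one way to run a character-frequency check over a batch of keys. It uses the 50-character alphabet and key length of Django's `get_random_secret_key()`. The chi-square statistic is an assumed choice of analysis, since the post does not say which one it used, and the function names `generate_key`, `modulo_key` and `chi_square` are hypothetical.

```python
import secrets
from collections import Counter

# Alphabet and key length used by Django's get_random_secret_key().
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
KEY_LEN = 50


def generate_key():
    """Uniform draw per character from the OS CSPRNG (no modulo step)."""
    return "".join(secrets.choice(CHARS) for _ in range(KEY_LEN))


def modulo_key(raw=None):
    """Biased construction to avoid: 256 % 50 == 6, so byte % 50 maps six
    byte values onto each of the first 6 characters and five onto the rest."""
    raw = secrets.token_bytes(KEY_LEN) if raw is None else raw
    return "".join(CHARS[b % len(CHARS)] for b in raw)


def chi_square(keys):
    """Pearson chi-square of character counts against a uniform alphabet.
    With 50 symbols there are 49 degrees of freedom, so an unbiased source
    gives a value near 49; a much larger value means skewed frequencies."""
    counts = Counter(c for key in keys for c in key)
    unknown = set(counts) - set(CHARS)
    if unknown:
        raise ValueError(f"characters outside the alphabet: {sorted(unknown)}")
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no characters to analyze")
    expected = total / len(CHARS)
    return sum((counts[c] - expected) ** 2 / expected for c in CHARS)


if __name__ == "__main__":
    n = 10_000  # same sample size as the first run described above
    print("secrets.choice:", round(chi_square(generate_key() for _ in range(n)), 1))
    print("byte % 50:     ", round(chi_square(modulo_key() for _ in range(n)), 1))
```

A frequency test like this only catches skewed character counts, such as the modulo bias shown; passing it does not show that a generator is unpredictable.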