

Advanced Security Topics (PyCon US 2012) - kmfrk
http://www.youtube.com/watch?v=JOXwclgvXB0

======
kmfrk
A great discussion that highlights some common misconceptions in Python
security. Here is the pyvideo link:
<http://pyvideo.org/video/634/advanced-security-topics>.

Some quick notes:

    
    
        1. Don't use `from random import choice`. 
           Use `from random import SystemRandom`.
    
        2. PyPI should not be used with abandon.
    
        3. Use HMAC for hashing (and salt).
    
        4. Don't write your own encryption (unless 
           you're a cryptographer, perhaps).
    
        5. Use JSON for untrusted data (or another
           serialization format with a safe deserializer).
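
Notes 1, 3 and 5 combined in one sketch, as an added example that is not part of the comment above or of the talk: a key drawn from `SystemRandom`, a JSON-serialized payload, and an HMAC-SHA256 tag that is verified before the data is parsed. The function names, the `body.tag` token layout and the sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import string
from random import SystemRandom

_rng = SystemRandom()  # backed by os.urandom, not the default Mersenne Twister
ALPHABET = string.ascii_letters + string.digits


def new_key(length=32):
    """Key material drawn from the OS CSPRNG (note 1)."""
    return "".join(_rng.choice(ALPHABET) for _ in range(length)).encode()


def sign(payload, key):
    """Serialize with JSON (note 5) and append an HMAC-SHA256 tag (note 3)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify(token, key):
    """Return the payload if the tag is valid, otherwise None."""
    body, sep, tag = token.rpartition(b".")  # the hex tag never contains "."
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison, done before any parsing of untrusted bytes.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


if __name__ == "__main__":
    key = new_key()
    session = {"user": "alice", "role": "viewer"}  # constructed sample data
    token = sign(session, key)
    print(verify(token, key))                       # round-trips
    forged = token.replace(b'"role":"viewer"', b'"role":"admin"')
    print(verify(forged, key))                      # rejected: tag mismatch
```
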

