
Re: PEP 504: Using the system RNG by default

From:  Donald Stufft <donald-/z0sg0XqlqBhl2p70BpVqQ-AT-public.gmane.org>
To:  guido-+ZN9ApsXKcEdnm+yROfE0A-AT-public.gmane.org, Nick Coghlan <ncoghlan-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
Subject:  Re: PEP 504: Using the system RNG by default
Date:  Tue, 15 Sep 2015 13:50:12 -0400
Message-ID:  <etPan.55f85a54.432cb095.6557@Draupnir.home>
Cc:  "=?utf-8?Q?python-ideas=40python.org?=" <python-ideas-+ZN9ApsXKcEdnm+yROfE0A-AT-public.gmane.org>

On September 15, 2015 at 1:34:56 PM, Guido van Rossum (guido@python.org) wrote:
> I am fine with adding more secure ways of generating random numbers.
> But we already have random.SystemRandom(), so there doesn’t
> seem to be a hurry?

The problem isn't so much that there isn't a way of securely generating random 
numbers, but that the module, as it is right now, guides you towards using an 
insecure source of random numbers rather than a secure one. This means that
unless you're familiar with the random module or reading the online
documentation you don't really have any idea that ``random.random()`` isn't
secure. This is an attractive nuisance for anyone who *doesn't* need
deterministic output from their random numbers and leads to situations where
people are incorrectly using MT when they should be using SystemRandom because
they don't know any better.


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA


_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/




Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds