Hi python-dev and Raymond,
I think this change is a considerable usability regression for the documentation. Right now the warnings about CSPRNGs are hidden in the introductory paragraph, which users are likely to skip. I agree that there's no need to repeat the same advice twice, but I'd much rather we kept the ".. warning:: " version, so users are more likely to actually read it.
Also, there's a few errors with your commit message. First, we can reasonably assert that urandom provides an acceptable CSPRNG, mostly because it does on every platform I'm aware of. Second, urandom is still a psuedo-random number generator, however they are cryptographically secure, it's not "more random". Wikipedia does a good job laying out the necessary properties for a CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_g...
On Sat, May 10, 2014 at 2:05 PM, raymond.hettinger < firstname.lastname@example.org> wrote:
http://hg.python.org/cpython/rev/b466dc34b86e changeset: 90618:b466dc34b86e parent: 90616:ce070040e1a6 user: Raymond Hettinger email@example.com date: Sat May 10 14:05:28 2014 -0700 summary: Remove the redundant and poorly worded warning message.
The paragraph above already says, clearly and correctly, that "However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes."
Also we should make any promises about SystemRandom or os.urandom() being cryptographically secure (they may be, but be can't validate that promise). Further, those are actual random number generators not psuedo-random number generators.
files: Doc/library/random.rst | 6 ------ 1 files changed, 0 insertions(+), 6 deletions(-)
diff --git a/Doc/library/random.rst b/Doc/library/random.rst --- a/Doc/library/random.rst +++ b/Doc/library/random.rst @@ -43,12 +43,6 @@ uses the system function :func:`os.urandom` to generate random numbers from sources provided by the operating system.
- The pseudo-random generators of this module should not be used for
- security purposes. Use :func:`os.urandom` or :class:`SystemRandom` if
- you require a cryptographically secure pseudo-random number generator.
-- Repository URL: http://hg.python.org/cpython
Python-checkins mailing list Pythonfirstname.lastname@example.org https://mail.python.org/mailman/listinfo/python-checkins