Hi python-dev and Raymond,

I think this change is a considerable usability regression for the documentation. Right now the warnings about CSPRNGs are hidden in the introductory paragraph, which users are likely to skip. I agree that there's no need to repeat the same advice twice, but I'd much rather we kept the ".. warning:: " version, so users are more likely to actually read it.

Also, there's a few errors with your commit message. First, we can reasonably assert that urandom provides an acceptable CSPRNG, mostly because it does on every platform I'm aware of. Second, urandom is still a psuedo-random number generator, however they are cryptographically secure, it's not "more random". Wikipedia does a good job laying out the necessary properties for a CSPRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Requirements


On Sat, May 10, 2014 at 2:05 PM, raymond.hettinger <python-checkins@python.org> wrote:
changeset:   90618:b466dc34b86e
parent:      90616:ce070040e1a6
user:        Raymond Hettinger <python@rcn.com>
date:        Sat May 10 14:05:28 2014 -0700
  Remove the redundant and poorly worded warning message.

The paragraph above already says, clearly and correctly, that
"However, being completely deterministic, it is not suitable for
all purposes, and is completely unsuitable for cryptographic purposes."

Also we should make any promises about SystemRandom or os.urandom()
being cryptographically secure (they may be, but be can't validate
that promise).  Further, those are actual random number generators
not psuedo-random number generators.

  Doc/library/random.rst |  6 ------
  1 files changed, 0 insertions(+), 6 deletions(-)

diff --git a/Doc/library/random.rst b/Doc/library/random.rst
--- a/Doc/library/random.rst
+++ b/Doc/library/random.rst
@@ -43,12 +43,6 @@
 uses the system function :func:`os.urandom` to generate random numbers
 from sources provided by the operating system.

-.. warning::
-   The pseudo-random generators of this module should not be used for
-   security purposes.  Use :func:`os.urandom` or :class:`SystemRandom` if
-   you require a cryptographically secure pseudo-random number generator.

 Bookkeeping functions:

Repository URL: http://hg.python.org/cpython

Python-checkins mailing list

"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084