On 16 June 2016 at 10:40, Nathaniel Smith <njs@pobox.com> wrote:
On Jun 16, 2016 10:01 AM, "David Mertz" <mertz@gnosis.cx> wrote:
Python 3.6 is introducing a NEW MODULE, with new APIs. The 'secrets' module is the very first time that Python has ever really explicitly addressed cryptography in the standard library.
This is completely, objectively untrue. If you look up os.urandom in the official manual for the standard library, then it have always stated explicitly, as the very first line, that os.urandom returns "a string of n random bytes suitable for cryptographic use." This is *exactly* the same explicit guarantee that the secrets module makes. The motivation for adding the secrets module was to make this functionality easier to find and more convenient to use (e.g. by providing convenience functions for getting random strings of ASCII characters), not to suddenly start addressing cryptographic concerns for the first time.
An analogy that occurred to me that may help some folks: secrets is a higher level API around os.urandom and some other standard library features (like base64 and binascii.hexlify) in the same way that shutil and pathlib are higher level APIs that aggregate other os module functions with other parts of the standard library. The existence of those higher level APIs doesn't make the lower level building blocks redundant. Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia