10 Jun
2016
10 Jun
'16
7:57 p.m.
Tim Peters <tim.peters@gmail.com> wrote:
secrets.token_bytes() is already the way to spell "get a string of messed-up bytes", and that's the dead obvious (according to me) place to add the potentially blocking implementation.
I honestly didn't think that this was the dead obvious function to use. To me the naming kind of suggested that it would do some special magic that tokens needed, instead of just returning random bytes (even though the best token is probably just perfectly random data). If you want to provide a general function for secure random bytes I would suggest at least a better naming. Sebastian