On Tue, Sep 22, 2015 at 02:50:56AM +1000, Chris Angelico wrote:
On Tue, Sep 22, 2015 at 2:10 AM, Steven D'Aprano <steve@pearwood.info> wrote:
Are there use-cases for a strong random float between 0 and 1? If so, is it sufficient to say secrets.randbelow(sys.maxsize)/sys.maxsize, or should we offer secrets.random() and/or secrets.uniform(a, b)?
I would be leery of such a function, because it'd be hard to define it perfectly. Tell me, crypto wonks: If I have a function randfloat() that returns 0.0 <= x < 1.0, is it safe to use it like this:
# Generate an integer 0 <= x < 12345, uniformly distributed uniform = int(randfloat() * 12345) # Ditto but on a logarithmic distribution log = math.exp(randfloat() * math.log(12345)) # Double-logarithmic loglog = math.exp(math.exp(randfloat() * math.log(math.log(12345))))
I'm satisfied by Nick's response to you, which also implies an answer to my question: there is no good use-case for a strong random float and no need for secrets.random(). The main reason I asked is because Ruby's SecureRandom.random_number() optionally returns a float between 0 and 1. -- Steve