On September 15, 2015 at 1:34:56 PM, Guido van Rossum (guido@python.org) wrote:
I am fine with adding more secure ways of generating random numbers. But we already have random.SystemRandom(), so there doesn’t seem to be a hurry?
The problem isn't so much that there isn't a way of securely generating random numbers, but that the module, as it is right now, guides you towards using an insecure source of random numbers rather than a secure one. This means that unless you're familar with the random module or reading the online documentation you don't really have any idea that ``random.random()`` isn't secure. This is an attractive nuisance for anyone who *doesn't* need deterministic output from their random numbers and leads to situations where people are incorrectly using MT when they should be using SystemRandom because they don't know any better. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA