On 21.09.15 19:22, Steven D'Aprano wrote:
On Sun, Sep 20, 2015 at 09:00:08AM +0300, Serhiy Storchaka wrote:
On 20.09.15 02:40, Tim Peters wrote:
No attempt to be minimal here. More-than-less "obvious" is more important:
Bound methods of a SystemRandom instance .randrange() .randint() .randbits() renamed from .getrandbits() .randbelow(exclusive_upper_bound) renamed from private ._randbelow() .choice()
randbelow() is just an alias for randrange() with single argument. randint(a, b) == randrange(a, b+1).
These functions are redundant and they have non-zero cost.
But they already exist in the random module, so adding them to secrets doesn't cost anything extra.
The main cost is learning and memorising cost. The fewer words you need to learn and keep in memory the better.
Would not renaming getrandbits be confused?
Token functions .token_bytes(nbytes) another name for os.urandom() .token_hex(nbytes) same, but return string of ASCII hex digits .token_url(nbytes) same, but return URL-safe base64-encoded ASCII .token_alpha(alphabet, nchars) string of `nchars` characters drawn uniformly from `alphabet`
token_hex(nbytes) == token_alpha('0123456789abcdef', nchars) ? token_url(nbytes) == token_alpha( 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_', nchars) ?
They may be reasonable implementations for the functions, but simple as they are, I think we still want to provide them as named functions rather than expect the user to write things like the above. If they're doing it more than once, they'll want to write a helper function, we might as well provide that for them.
But why these particular alphabets are special? I expect that every application will use the alphabet that matches its needs. One needs decimal digits ('0123456789'), other needs English letters ('ABCDEFGHIJKLMNOPQRSTUVWXYZ'), or letters and digits and underscore, or letters, digits and punctuation, or all safe ASCII characters, or all well graphical distinguished characters. Why token_hex and token_url, but not token_digits, token_letters, token_identifier, token_base32, token_base85, token_html_safe, etc?