On September 16, 2015 at 11:48:12 AM, Tim Peters (tim.peters@gmail.com) wrote:
There's something else here: some of these messages gave pointers to web pages where "security wonks" conceded that specific uses of SystemRandom were fine, but they couldn't recommend it anyway because it's too hard to explain what is or isn't "safe". "Therefore" users should only use urandom() directly. Which is insane, if for no other reason than that users would then invent their own algorithms to convert urandom() results into floats and ints, etc. Then they'll screw up _that_ part.
That was the documentation for PyCA's cryptography module, where the only use of random we needed was for an IV (for which you can use the output of os.urandom directly) and for an integer, for which you could just use int.from_bytes and the output of os.urandom (i.e. int.from_bytes(os.urandom(20), byteorder="big")). It wasn't so much a general recommendation against random.SystemRandom, just that for our particular use case os.urandom is either fine by itself, or fine with a tiny bit of code on top of it, and that's easier to explain than trying to explain how to use the random module safely, and just warn against it entirely.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
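The two os.urandom recipes Donald mentions (raw bytes for an IV, int.from_bytes for an integer), next to the step Tim says users would get wrong on their own: turning those bytes into an integer in a range without modulo bias. This is an added example, not code from the thread or from PyCA's cryptography; the rand_bytes parameter is a hypothetical injection point so the rejection loop can be exercised with constructed bytes, and modulo_bias only counts residues, it draws no randomness.

```python
import os
from random import SystemRandom


def random_iv(nbytes=16):
    # An IV or nonce is just raw bytes, so os.urandom output is used as-is.
    return os.urandom(nbytes)


def random_int_from_urandom(nbytes=20):
    # The int.from_bytes recipe: a uniform unsigned integer in [0, 256**nbytes).
    return int.from_bytes(os.urandom(nbytes), byteorder="big")


def modulo_bias(n, nbits=8):
    # Count how often each residue r = v % n occurs over every possible
    # nbits-wide random value. Unless n divides 2**nbits, the low residues
    # occur one extra time: that is the bias of the naive "% n" shortcut.
    counts = {r: 0 for r in range(n)}
    for v in range(2 ** nbits):
        counts[v % n] += 1
    return counts


def randbelow_rejection(n, rand_bytes=os.urandom):
    # Unbiased integer in [0, n): draw just enough bits to cover n, drop the
    # surplus high bits, and retry when the draw lands at or above n.
    # rand_bytes is a hypothetical injection point (defaults to os.urandom).
    if n <= 0:
        raise ValueError("n must be positive")
    nbits = n.bit_length()
    nbytes = (nbits + 7) // 8
    excess = nbytes * 8 - nbits
    while True:
        r = int.from_bytes(rand_bytes(nbytes), byteorder="big") >> excess
        if r < n:
            return r


def randbelow_systemrandom(n):
    # What SystemRandom does for you: the same rejection idea, over os.urandom.
    return SystemRandom().randrange(n)


if __name__ == "__main__":
    print("IV:", random_iv().hex())
    print("160-bit int:", random_int_from_urandom())
    print("residue counts for v % 6 over one byte:", modulo_bias(6))
    print("unbiased draw below 6:", randbelow_rejection(6))
    print("SystemRandom draw below 6:", randbelow_systemrandom(6))
```

modulo_bias(6) shows residues 0 through 3 occurring 43 times each and 4 and 5 only 42 times, which is the bias the rejection loop avoids. Python 3.6 later shipped this loop as secrets.randbelow, so new code should reach for that rather than hand-rolling it.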