[Guido]
Thanks! I'd accept this (and I'd reject 504 at the same time). I like the secrets name. I wonder though, should the PEP propose a specific set of functions? (With the understanding that we might add more later.)
The bikeshedding on that will be far more tedious than the implementation. I'll get it started :-) No attempt to be minimal here. More-than-less "obvious" is more important: Bound methods of a SystemRandom instance .randrange() .randint() .randbits() renamed from .getrandbits() .randbelow(exclusive_upper_bound) renamed from private ._randbelow() .choice() Token functions .token_bytes(nbytes) another name for os.urandom() .token_hex(nbytes) same, but return string of ASCII hex digits .token_url(nbytes) same, but return URL-safe base64-encoded ASCII .token_alpha(alphabet, nchars) string of `nchars` characters drawn uniformly from `alphabet`