[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.

Tim Peters tim.peters at gmail.com
Sun May 11 02:47:39 CEST 2014


[Raymond Hettinger]
> ...
> I'm not all at comfortable with the wording of the second sentence.
> I was the author of the SystemRandom() class and I only want
> to guarantee that it provides access to the operating system's
> source of random numbers. It is a bold claim to guarantee that
> it is cryptographically secure (many such claims in the past have
> turned-out to be false).  We don't really know what it is going to
> do on a VM for example.
>
> Also, I don't want to call SystemRandom() a pseudo-random number
> generator.  It purports to be an actual random number generator
> (or at least it purports to have used some real source of entropy at
> some stage).  To me (the module maintainer), that is an important
> distinction.

It should be sufficient to say that SystemRandom() inherits all the
properties of the operating system's os.urandom() implementation, yes?
 Since Python has nothing to do with that, it's most accurate and
helpful to tell the user to refer to their OS urandom docs.

On all platforms I'm aware of (two ;-)), urandom() is in fact a
CSPRNG, not an "actual random number generator".  That's why urandom()
can get away with never blocking, potentially producing bits far
faster than the system random() can accumulate fresh entropy.

But all the hideous details don't belong in the Python docs - they
belong in the OS's urandom docs.  A phrasing I've found helpful is to
tell users that "urandom() is as secure as the people who wrote your
operating system knew how to make it".  Linux users smile then, and
Windows users groan ;-)


More information about the Python-Dev mailing list