[Python-ideas] Should our default random number generator be secure?

Donald Stufft donald at stufft.io
Wed Sep 9 18:53:33 CEST 2015

On September 9, 2015 at 12:36:16 PM, Guido van Rossum (guido at python.org) wrote:
> I've invited Theo to join this list but he's too busy. The two core Python
> experts on the random module have given me opinions suggesting that there's
> not much wrong with MT, so here I am. Who is right? What should we do? Is
> there anything we need to do?

Everyone is right :)

MT is a fine algorithm for random numbers when you don't need them to be
cryptographically safe; it is a disastrous algorithm if you do need them to be
safe. As long as you only use MT (and the default ``random``) implementation
for things where the fact the numbers you get aren't going to be quite random
(e.g. they are actually predictable) and you use os.urandom/random.SystemRandom
for everything where you need actual random then everything is fine.

The problem boils down to, are people going to accidentally use the default
random module when they really should use os.urandom or random.SystemRandom. It
is my opinion (and I believe Theo's) that they are going to use the MT backed
random functions in random.py when they shouldn't be. However I don't have a
great solution to what we should do about it.

One option is to add a new, random.FastInsecureRandom class, and switch the
"bare" random functions in that module over to using random.SystemRandom by
default. Then if people want to opt into a faster random that isn't
cryptographically secure by default they can use that class. This would
essentially be inverting the relationship today, where it defaults to insecure
and you have to opt in to secure.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
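
Added example, not part of the original message: why MT output is predictable and why random.SystemRandom is the drop-in for anything secret. It assumes CPython's getstate()/setstate() layout for random.Random; make_token and demo are hypothetical names and the seed is constructed.

```python
import random

MASK32 = 0xFFFFFFFF

def _undo_right(y, shift):
    # Invert y = x ^ (x >> shift) by fixed-point iteration.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    # Invert y = x ^ ((x << shift) & mask).
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32

def untemper(y):
    # Reverse MT19937's output tempering to get the raw state word back.
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_from_outputs(outputs):
    # 624 consecutive 32-bit outputs are the generator's whole state.
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    words = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    clone.setstate((3, words + (624,), None))  # CPython state layout (assumed)
    return clone

def make_token(rng):
    # Hypothetical token helper: works with any random.Random subclass.
    return "%032x" % rng.getrandbits(128)

def demo(seed=2015):  # constructed seed, any value behaves the same
    app_rng = random.Random(seed)
    app_rng.random()  # generator already in use, not freshly seeded
    seen = [app_rng.getrandbits(32) for _ in range(624)]
    observer = clone_from_outputs(seen)
    return make_token(app_rng), make_token(observer), make_token(random.SystemRandom())

if __name__ == "__main__":
    real, predicted, secure = demo()
    print("MT token predicted from past output:", real == predicted)
    print("SystemRandom token (no state to recover):", secure)
```

make_token is unchanged between the two generators; only the object passed in decides whether the next token can be computed from earlier output.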
