[Python-ideas] Should our default random number generator be secure?
Guido van Rossum
guido at python.org
Wed Sep 9 19:41:59 CEST 2015
---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:36 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido at python.org
> Yet another thing. Where do you see that Go and Swift have secure random
> a keyword? Searching for "golang random" gives the math/rand package as
> first hit, which has a note reminding the reader to use crypto/rand for
> security work.
yes, well, look at the other phrase it uses...
that produces a deterministic sequence of values each time a program is
it documents itself as being decidedly non-random. that documentation
change happened soon after this event:
these days, the one people are using is found using "go secure random"
that opens /dev/urandom or uses the getrandom system call depending on
system. it also has support for the windows entropy API. it pulls
data into a large buffer, a cache. then each subsequent call, it
consumes some, until it runs out, and has to do a fresh read. it
appears to not clean the buffer behind itself, probably for
performance reasons, so the memory is left active. (forward secrecy
i don't think they are doing the best they can... i think they should
get forward secrecy and higher performance by having an in-process
chacha. but you can sense the trend.
here's an example of the fallout..
> For Swift it's much the same -- there's an arc4random() in
> the Darwin package but nothing in the core language.
that is what people are led to use.
--Guido van Rossum (python.org/~guido)
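The contrast Theo draws between a documented-deterministic generator and one backed by the OS entropy source applies directly to Python, whose default `random.Random` is MT19937. Below is an added example, not code from the thread or from CPython, that makes the "deterministic sequence" point concrete: it observes 624 consecutive `getrandbits(32)` outputs from a seeded default generator, inverts the MT19937 output tempering to rebuild the state array, installs it in a fresh `random.Random` via `setstate`, and predicts the victim's next outputs, then shows that `random.SystemRandom` (which reads `os.urandom`) has no replayable state at all. The seed value and function names are this example's own choices.

```python
import random

N = 624  # number of 32-bit words in the MT19937 state array


def temper(x: int) -> int:
    """MT19937 output tempering: the transform applied to each raw state word."""
    y = x & 0xFFFFFFFF
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & 0xFFFFFFFF


def untemper(y: int) -> int:
    """Invert temper(). Each step is an xorshift, which is undone by iterating
    from the bits the shift leaves untouched until the whole word is recovered."""

    def undo_right(v, s):
        x = v
        for _ in range(32 // s + 1):
            x = v ^ (x >> s)
        return x

    def undo_left(v, s, mask):
        x = v
        for _ in range(32 // s + 1):
            x = v ^ ((x << s) & mask)
        return x & 0xFFFFFFFF

    y = undo_right(y, 18)
    y = undo_left(y, 15, 0xEFC60000)
    y = undo_left(y, 7, 0x9D2C5680)
    y = undo_right(y, 11)
    return y


def clone_mt(outputs):
    """Rebuild a random.Random with the same internal state as the generator
    that produced `outputs`: 624 consecutive getrandbits(32) values taken
    right after seeding, so they map one-to-one onto a full state array."""
    if len(outputs) != N:
        raise ValueError("need exactly %d outputs" % N)
    words = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # CPython state layout: (version 3, (624 words, position), gauss_next).
    # Position N means "array consumed, regenerate on next call", which is
    # exactly where the observed generator is after 624 draws.
    clone.setstate((3, words + (N,), None))
    return clone


def recover_and_predict(seed, n_predict=10):
    """Observe 624 outputs of a seeded default Random (the 'victim'), clone it,
    and report whether the clone predicts the next n_predict outputs exactly."""
    victim = random.Random(seed)  # seed is an arbitrary value chosen for the demo
    observed = [victim.getrandbits(32) for _ in range(N)]
    clone = clone_mt(observed)
    predicted = [clone.getrandbits(32) for _ in range(n_predict)]
    actual = [victim.getrandbits(32) for _ in range(n_predict)]
    return predicted == actual


def system_rng_exposes_state():
    """random.SystemRandom draws from os.urandom; getstate() is deliberately
    unimplemented because there is no state to replay or clone."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return False
    return True


if __name__ == "__main__":
    print("MT19937 clone predicts next outputs:", recover_and_predict(20150909))
    print("SystemRandom exposes state:", system_rng_exposes_state())
```

The attack needs nothing but 624 raw outputs; a web application that hands out session tokens or reset codes built from the default generator leaks them one token at a time. `SystemRandom` (and, in later Python versions, the `secrets` module) closes that off by never holding a user-visible state, which is the property the thread is asking the default generator to have.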