[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Wed Sep 9 19:54:14 CEST 2015

On Wed, Sep 9, 2015, at 13:43, Donald Stufft wrote:
> arc4random changes as the underlying implementation changes too, the name
> is a
> historical accident really. arc4random no longer uses arc4 it uses
> chacha, and
> when/if chacha needs to be replaced, arc4random will still be the name.

The issue is, what should Python do, if the decision is made to not
provide its own RNG [presumably would be a forked copy of OpenBSD's
current arc4random] on systems that do not provide a function named
arc4random? Use /dev/urandom (or CryptGenRandom) every time [more
expensive, performs I/O]? rand48? random? rand?

I don't see the issue with Python providing its own implementation. If
the state of the art changes, we can have another discussion then.

More information about the Python-ideas mailing list