[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Wed Sep 9 20:08:56 CEST 2015


On Wed, Sep 9, 2015, at 14:00, Stefan Krah wrote:
> My intuition is that if someone just uses a random() function
> without checking if it's cryptographically secure then the
> application will probably have other holes as well.  I mean,
> for example no one is going to use C's rand() function for crypto.

Let's turn the question around - what's the _benefit_ of having a random
number generator available that _isn't_ cryptographically secure? One
possible argument is performance. If that's the issue - what are our
performance targets? How can they be measured? Another argument is that
some applications really do need deterministic seeding. Is there a
reason not to require them to be explicit about it?
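
Added example, not part of the original message: one way to put numbers on the performance question and to show what "explicit about it" can look like with the standard library. The helper names (`per_call_ns`, `measure`, `explicit_seed_stream`, `csprng_stream`) and the seed value are assumptions made for illustration.

```python
import random
import timeit


def per_call_ns(func, number=20000):
    """Best-of-3 wall-clock cost of one call, in nanoseconds."""
    best = min(timeit.repeat(func, number=number, repeat=3))
    return best / number * 1e9


def measure():
    """Time the Mersenne Twister generator against the OS-backed CSPRNG."""
    mt = random.Random()            # deterministic PRNG, not for secrets
    csprng = random.SystemRandom()  # draws from os.urandom()
    return {
        "Random.random": per_call_ns(mt.random),
        "SystemRandom.random": per_call_ns(csprng.random),
    }


def explicit_seed_stream(seed, n=5):
    """Reproducible stream: the caller opts in by building a seeded Random."""
    rng = random.Random(seed)
    return [rng.randrange(1000) for _ in range(n)]


def csprng_stream(seed, n=5):
    """SystemRandom accepts seed() but ignores it, so output never repeats."""
    rng = random.SystemRandom()
    rng.seed(seed)  # documented no-op for SystemRandom
    return [rng.getrandbits(64) for _ in range(n)]


if __name__ == "__main__":
    for name, ns in measure().items():
        print(f"{name:22s} {ns:9.1f} ns/call")
    # Constructed sample seed; any value behaves the same way.
    print("seeded twice :", explicit_seed_stream(1234), explicit_seed_stream(1234))
    print("csprng twice :", csprng_stream(1234), csprng_stream(1234))
```

The timings depend on the platform and Python build, so they are a way to measure against a target rather than a target in themselves.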

