[Python-ideas] Should our default random number generator be secure?
Stefan Krah
skrah at bytereef.org
Wed Sep 9 20:43:05 CEST 2015
Tim Peters <tim.peters at ...> writes:
> > we can have another discussion then.
>
> Also over & over again. If you volunteer to own responsibility for
> updating all versions of Python each time it changes (in a crypto
> context, an advance in the state of the art implies the prior state
> becomes "a bug"), and post a performance bond sufficient to pay
> someone else to do it if you vanish, then a major pragmatic objection
> would go away
The OpenBSD devs could also publish arc4random as a library that
works everywhere (like OpenSSH). That would be a nicer solution
for everyone (except for the devs perhaps :).
Stefan Krah
More information about the Python-ideas
mailing list