[Python-ideas] Should our default random number generator be secure?

Stefan Krah skrah at bytereef.org
Wed Sep 9 20:43:05 CEST 2015


Tim Peters <tim.peters at ...> writes:
> > we can have another discussion then.
> 
> Also over & over again.  If you volunteer to own responsibility for
> updating all versions of Python each time it changes (in a crypto
> context, an advance in the state of the art implies the prior state
> becomes "a bug"), and post a performance bond sufficient to pay
> someone else to do it if you vanish, then a major pragmatic objection
> would go away 

The OpenBSD devs could also publish arc4random as a library that
works everywhere (like OpenSSH). That would be a nicer solution
for everyone (except for the devs perhaps :).


Stefan Krah





More information about the Python-ideas mailing list