[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Wed Sep 9 20:55:01 CEST 2015

On Wed, Sep 9, 2015, at 14:31, Tim Peters wrote:
> Also over & over again.  If you volunteer to own responsibility for
> updating all versions of Python each time it changes (in a crypto
> context, an advance in the state of the art implies the prior state
> becomes "a bug"), and post a performance bond sufficient to pay
> someone else to do it if you vanish, then a major pragmatic objection
> would go away ;-)

I don't see how "Changing Python's RNG implementation today to
arc4random as it exists now" necessarily implies "Making a commitment to
guarantee the cryptographic suitability of Python's RNG for all time".
Those are two separate things.

More information about the Python-ideas mailing list