[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Wed Sep 9 23:15:39 CEST 2015

On Wed, Sep 9, 2015, at 17:02, Nathaniel Smith wrote:
> Keeping that promise in mind, an alternative would be to keep both
> generators around, use the cryptographically secure one by default, and
> switch to MT when someone calls
>   seed(1234, generator="INSECURE LEGACY MT")
> But this would justifiably get us crucified by the security community,
> because the above call would flip the insecure switch for your entire
> program, including possibly other modules that were depending on random
> to
> provide secure bits.

Ideally, neither the crypto bits nor the science bits of a big program
should be using the module-level functions. A small program either
hasn't got both kinds of bits, or won't be using them at the same time.
And if you've got non-science bits doing stuff with your RNG then your
results probably aren't going to be reproducible anyway.

Which suggests a solution: How about exposing a way to switch out the
Random instance used by the module-level functions? The instance itself
exists now as random._inst, but the module just spews its bound methods
all over its namespace. (Long-term, it might make sense to deprecate the
module-level functions)

More information about the Python-ideas mailing list