[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Thu Sep 10 03:55:06 CEST 2015

[Alexander Walters <tritium-list at sdamon.com>]
> In a word - No.
> There is zero reason for people doing crypto to use the random module,
> therefor we should not change the random module to be cryptographically
> secure.
> Don't break things and slow my code down by default for dubious reasons,
> please.

Would your answer change if a crypto generator were _faster_ than MT?
MT isn't speedy by modern standards, and is cache-hostile (about 2500
bytes of mutable state).

Not claiming a crypto hash _would_ be faster.  But it is possible.

More information about the Python-ideas mailing list