[Python-ideas] Should our default random number generator be secure?
Tim Peters
tim.peters at gmail.com
Thu Sep 10 03:55:06 CEST 2015
[Alexander Walters <tritium-list at sdamon.com>]
> In a word - No.
>
> There is zero reason for people doing crypto to use the random module,
> therefor we should not change the random module to be cryptographically
> secure.
>
> Don't break things and slow my code down by default for dubious reasons,
> please.
Would your answer change if a crypto generator were _faster_ than MT?
MT isn't speedy by modern standards, and is cache-hostile (about 2500
bytes of mutable state).
Not claiming a crypto hash _would_ be faster. But it is possible.
More information about the Python-ideas
mailing list