[Python-ideas] Python's Source of Randomness and the random.py module Redux

Donald Stufft donald at stufft.io
Thu Sep 10 13:40:41 CEST 2015

On September 10, 2015 at 5:21:29 AM, Alexander Walters (tritium-list at sdamon.com) wrote:
> > Why in the heck are we trying to make the random module do something 
> that it is already documented as being a poor choice, where there 
> is
> already third party modules that do just this?
> Who needs cryptographic randomness in the standard library 
> anyways (even
> though one line of code give you access to it)? Have we identified 
> even
> ONE person who does cryptography in python who is kicking themselves 
> that they cant use the random module as implemented?

Because there are a situations where you need a securely generated randomness
where you are *NOT* "doing cryptography". Blaming people for the fact that the
random module has a bad UX that naturally leads them to use it when it isn't
appropriate is a shitty thing to do.

What harm is there in making people explicitly choose between deterministic
randomness and secure randomness? Is your use case so much better than theirs
that you thing you deserve to type a few characters less to the detriment of
people who don't know any better?

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the Python-ideas mailing list