[Python-ideas] Should our default random number generator be secure?

Stefan Krah skrah at bytereef.org
Thu Sep 10 15:39:31 CEST 2015

M.-A. Lemburg <mal at ...> writes:
> Reading this thread is fun, but it doesn't seem to be getting
> anywhere - perhaps that's part of the fun 
> Realistically, I see two options:
>  1. Someone goes and implements the OpenBSD random function in C
>     and puts a package up on PyPI, updating it whenever OpenBSD
>     thinks that a new algorithm is needed or a security issue
>     has to be fixed (from my experience with other crypto software
>     like OpenSSL, this should be on the order of every 2-6 months)

The sane option would be to use the OpenBSD libcrypto, which seems to
be part of their OpenSSL fork (libressl), just like libcrypto is part
of OpenSSL.

Then the crypto maintenance would be delegated to the distributions.

I would even be interested in writing such a package, but it would
be external and non-redistributable for well-known reasons. :)

Stefan Krah
