[Python-ideas] Should our default random number generator be secure?

M.-A. Lemburg mal at egenix.com
Thu Sep 10 17:59:10 CEST 2015

On 10.09.2015 15:39, Stefan Krah wrote:
> M.-A. Lemburg <mal at ...> writes:
>> Reading this thread is fun, but it doesn't seem to be getting
>> anywhere - perhaps that's part of the fun 
>> Realistically, I see two options:
>>  1. Someone goes and implements the OpenBSD random function in C
>>     and put a package up on PyPI, updating it whenever OpenBSD
>>     thinks that a new algorithm is needed or a security issue
>>     has to be fixed (from my experience with other crypto software
>>     like OpenSSL, this should be on the order of every 2-6 months )
> The sane option would be to use the OpenBSD libcrypto, which seems to
> be part of their OpenSSL fork (libressl), just like libcrypto is part
> of OpenSSL.

Well, we already link to OpenSSL for SSL and hashes. I guess exposing
the OpenSSL RAND interface in a module would be the easiest way
to go about this.

pyOpenSSL already does this:


More pointers:

What's nice about the API is that you can add entropy as you
find it.

> Then the crypto maintenance would be delegated to the distributions.
> I would even be interested in writing such a package, but it would
> be external and non-redistributable for well-known reasons. :)

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Sep 10 2015)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2015-09-18: PyCon UK 2015 ...                               8 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Python-ideas mailing list