[Python-ideas] Python's Source of Randomness and the random.py module Redux

Donald Stufft donald at stufft.io
Thu Sep 10 20:19:20 CEST 2015

On September 10, 2015 at 2:08:46 PM, Akira Li (4kir4.1i at gmail.com) wrote:
> "security minded folks" [1] recommend "always use os.urandom()" and
> advise against *random* module [2,3] despite being aware of
> random.SystemRandom() [4]
> i.e., if they are right then *random* module probably only need to care
> about group #1 and avoid creating the false sense of security in group #3.

Maybe you didn't notice you’re talking to the third name in the list of authors
that you linked too, but that documentation is there primarily because the
random module's API is problematic and it's easier to recommend people to not
use it than to try and explain how to use it safely.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the Python-ideas mailing list