[Python-ideas] Python's Source of Randomness and the random.py module Redux

Donald Stufft donald at stufft.io
Thu Sep 10 21:24:21 CEST 2015

On September 10, 2015 at 2:40:54 PM, Akira Li (4kir4.1i at gmail.com) wrote:

> "it's easier to recommend people to not use it than to try and explain how
> to use it safely." that is exactly the point
> if random.SystemRandom() is not safe to use while being based on "secure"
> os.urandom() then providing the same API based on (possibly less secure)
> arc4random() won't be any safer.

"If the mountain won't come to Muhammad then Muhammad must go to the mountain."

In other words, we can write all the documentation in the world we want, and it
doesn't change the simple fact that by choosing a default, there is going to be
some people who will use it when it's inappropiate due to the fact that it is
the default. The pratical effect of changing the default will be that some
cases are broken, but in a way that is obvious and trivial to fix, some cases
won't have any pratical effect at all, and finally, for some people it's going
to take code that was previously completely insecure and make it either secure
or harder to exploit for people who are incorrectly using the API.

I wouldn't expect the documentation in pyca/cryptography to change, it'd still
recommend people to use os.urandom directly and we'd still recommend that
people should use SystemRandom/os.urandom in the random.py docs for things that
need to be cryptographically secure, this is just a safety net for people who
don't know or didn't listen.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the Python-ideas mailing list