[Python-ideas] Python's Source of Randomness and the random.py module Redux

Petr Viktorin encukou at gmail.com
Fri Sep 11 10:08:38 CEST 2015


On Fri, Sep 11, 2015 at 6:54 AM, Chris Angelico <rosuav at gmail.com> wrote:
> On Fri, Sep 11, 2015 at 2:44 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
>> I suppose it would be too magic to have the seed method substitute the
>> traditional PRNG for the default, while an implicitly seeded RNG
>> defaults to a crypto strong algorithm?
>
> Ooh. Actually, I rather like that idea. If you don't seed the RNG, its
> output will be unpredictable; it doesn't matter whether it's a PRNG
> seeded by an unknown number, a PRNG seeded by /dev/urandom, a CSRNG,
> or just reading from /dev/urandom every time. Until you explicitly
> request determinism, you don't have it. If Python changes its RNG
> algorithm and you haven't been seeding it, would you even know? Could
> it ever matter to you?
>
> It would require a bit of an internals change; is it possible that
> code depends on random.seed and random.randint are bound methods of
> the same object? To implement what you describe, they'd probably have
> to not be.

I've also thought about this idea. The problem with it is that seed()
and friends affect a global instance of Random.
If, after this change, there was a library that used random.random()
for crypto, calling seed() in the main program (or any other library)
would make it insecure. So we'd still be in a situation where nobody
should use random() for crypto.


More information about the Python-ideas mailing list