[Python-ideas] Python's Source of Randomness and the random.py module Redux
Antoine Pitrou
antoine at python.org
Mon Sep 14 14:59:00 CEST 2015
Nick Coghlan <ncoghlan at ...> writes:
>
> On 11 September 2015 at 02:05, Brett Cannon <brett at ...> wrote:
> > +1 for deprecating module-level functions and putting everything into
> > classes to force a choice
>
> -1000, as this would be a *huge* regression in Python's usability for
> educational use cases. (Think 7-8 year olds that are still learning to
> read, not teenagers or adults with more fully developed vocabularies)
Fully agreed with Nick. That this is being seriously considered
shows a massive disregard for usability. Python is not C++, it places
convenience first.
Besides, a deterministic RNG is a feature: you can reproduce exactly
a random sequence by re-using the same seed, which helps fix rare
input-dependent failures (we actually have good example of that in
CPython development with `regrtest -r`). Good luck debugging such
issues when using a RNG which reseeds itself in a random (!) way.
Endly, the premise of this discussion is idealistic in the first place.
If someone doesn't realize their code is security-sensitive, there
are other mistakes they will make than simply choosing the wrong
RNG. If you want to help people generate secure passwords, best would
be perhaps to write a password-generating (or more generally
secret-generating, for different kinds of secrets: passwords, session
ids, etc.) library.
Regards
Antoine.
More information about the Python-ideas
mailing list