[Python-ideas] Globally configurable random number generation
random832 at fastmail.com
Mon Sep 14 16:16:00 CEST 2015
On Mon, Sep 14, 2015, at 09:51, Donald Stufft wrote:
> I think this particular bit is a bad idea, it makes an official API
> that makes it really hard for an auditor to come into a code base and
> determine if the use of random is correct or not.
It's no worse than what OpenBSD itself has done with the C api for
rand/random/rand48. At some point you've got to balance it with the
realities of making backwards compatibility easy to achieve for the
applications that really do need it with either a few lines change or
none at all. And anyway, the auditor would *know* that if they see a
module-level function called they need to do the extra work to find
out what mode the module-level RNG is in (i.e. yes/no is there anywhere
at all in the codebase that changes it from the secure default?)
It's not an "official API", it's an escape hatch for allowing a minimal
change to existing code that needs the old behavior.
> Given that going back to the MT based algorithm is fairly trivial (and
> could even be mechanical) what's the long ter benefit here?
I don't see how it's trivial/mechanical, *without* the exact feature
More information about the Python-ideas