[Python-ideas] Python's Source of Randomness and the random.py module Redux

Chris Angelico rosuav at gmail.com
Tue Sep 15 10:58:01 CEST 2015


On Tue, Sep 15, 2015 at 6:23 AM, Donald Stufft <donald at stufft.io> wrote:
>> * The security arguments seem to be largely in the context of web
>> application development (cookies, passwords, shared secrets, ...)
>> That's not the only context that matters.
>
> You're right it's not the only context that matters, however it's often brought
> up for a few reasons:
>
> * Security largely doesn't matter for software that doesn't accept or send
>   input from some untrusted source which narrows security down to be mostly
>   network based applications.
>
> * The HTTP protocol is "eating the world" and we're seeing more and more things
>   using it as their communication protocol (even for things that are not
>   traditional browser based applications).
>
> * Traditional Web Applications/Sites are a pretty large target audience for
>   Python and in particular a lot of the security folks come from that world
>   because the web is a hostile place.

To add to that: Web application development is a *huge* area (every
man and his dog wants a web site, and more than half of them want
logins and users and so on), which means that the number of
non-experts writing security-sensitive code is higher there than in a
lot of places. The only other area I can think of that would be
comparably popular would be mobile app development - and a lot of the
security concerns there are going to be in a web context anyway.

Is it fundamentally insecure to receive passwords over an encrypted
HTTP connection and use those to verify user identities? I don't think
so (although I'm no expert) - it's what you do with them afterward
that matters (improperly hashing - or, worse, using a reversible
transformation). Why are so many people advised not to do user
authentication at all, but to tie in with one of the auth APIs like
Google's or Facebook's? Because it's way easier to explain how to get
that right than to explain how to get security/encryption right.

How bad is it, really, to tell everyone "use random.SystemRandom for
anything sensitive", and leave it at that?

ChrisA
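
An added example, not part of the original message: it shows what the "use random.SystemRandom for anything sensitive" advice buys, by replaying a token from a captured Mersenne Twister state and showing that SystemRandom exposes no such state. The names make_token, replay_after_state_capture and session_token are hypothetical helpers invented for this illustration.

```python
import random
import string

ALPHABET = string.ascii_letters + string.digits


def make_token(rng, length=32):
    """Build a token by drawing characters from the given generator."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def replay_after_state_capture(rng, length=32):
    """Return (original, replayed) tokens for a generator whose state can be
    copied, or None when the generator has no capturable state."""
    try:
        state = rng.getstate()
    except NotImplementedError:
        # random.SystemRandom reads from the OS entropy source and keeps
        # no internal state, so there is nothing to copy or restore.
        return None
    original = make_token(rng, length)
    clone = random.Random()
    clone.setstate(state)
    # The clone continues from the same state, so it emits the same token.
    return original, make_token(clone, length)


def session_token(length=32):
    """Token for sensitive use, drawn from the OS entropy source."""
    return make_token(random.SystemRandom(), length)


if __name__ == "__main__":
    # Constructed demonstration: the seed value is arbitrary.
    print("Random      :", replay_after_state_capture(random.Random(12345)))
    print("SystemRandom:", replay_after_state_capture(random.SystemRandom()))
    print("session     :", session_token())
```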

