[Python-ideas] PEP 504: Using the system RNG by default

Sturla Molden sturla.molden at gmail.com
Tue Sep 15 17:40:57 CEST 2015

On 15/09/15 16:47, Nick Coghlan wrote:

> * providing random.system and random.seedable submodules so you can
> explicitly opt in to using the one you want without having to manage
> your own RNG instances

I do not think these names are helpful. The purpose was to increase 
security, not confuse the user even more. What does "seedable" mean? 
Secure as in ChaCha20? Insecure as in MT19937? Something else? A name 
like "seedable" does not convey any useful information about the 
security to an un(der)informed web developer. A name like 
"random.system" does not convey any information about numerical 
applicability to an  un(der)informed researcher.

The module names should rather indicate how the generators are intended 
to be used. I suggest:

random.crypto.*    (os.urandom, ChaCha20, Arc4Random)
random.numeric.*   (Mersenne Twister, PCG, XorShift)

Deprecate random.random et al. with a visible warning. That should 
convey the message.


More information about the Python-ideas mailing list