[Python-ideas] PEP 504: Using the system RNG by default
Donald Stufft
donald at stufft.io
Tue Sep 15 19:50:12 CEST 2015
On September 15, 2015 at 1:34:56 PM, Guido van Rossum (guido at python.org) wrote:
> I am fine with adding more secure ways of generating random numbers.
> But we already have random.SystemRandom(), so there doesn’t
> seem to be a hurry?
The problem isn't so much that there isn't a way of securely generating random
numbers, but that the module, as it is right now, guides you towards using an
insecure source of random numbers rather than a secure one. This means that
unless you're familiar with the random module or reading the online
documentation you don't really have any idea that ``random.random()`` isn't
secure. This is an attractive nuisance for anyone who *doesn't* need
deterministic output from their random numbers and leads to situations where
people are incorrectly using MT when they should be using SystemRandom because
they don't know any better.
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA