[Python-ideas] PEP 504: Using the system RNG by default

Nick Coghlan ncoghlan at gmail.com
Wed Sep 16 07:59:04 CEST 2015

On 16 September 2015 at 14:12, Guido van Rossum <guido at python.org> wrote:
> Security isn't served well by panicky over-reaction.

Proposing a change in 2015 that wouldn't be released to the public
until early 2017 or so isn't exactly panicking. (And the thing that
changed for me that prompted me to write the PEP was finally figuring
out a remotely plausible migration plan to address the backwards
compatibility concerns, rather than anything on the security side)

As I wrote in the PEP, this kind of problem is a chronic one, not an
acute one, where security engineers currently waste a *lot* of their
(and other people's) time on remedial firefighting - a security audit
(or a breach investigation) detects a vulnerability, high priority
issues get filed with affected projects, nobody goes home happy.

Accordingly, my proposal is aimed as much at eliminating the perennial
"But *why* can't I use the random module for security sensitive
tasks?" argument as it is at anything else. I'd like the answer to
that question to eventually be "Sure, you can use the random module
for security sensitive tasks, so let's talk about something more
important, like why you're collecting and storing all this sensitive
personally identifiable information in the first place".


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-ideas mailing list