[Python-ideas] PEP 504: Using the system RNG by default

David Mertz mertz at gnosis.cx
Wed Sep 16 18:39:53 CEST 2015

The point here is that the closest we can come to PROTECTING users is to
avoid making false promises to them.

All this talk of "maybe, possibly, secure RNGs" (until they've been
analyzed longer) is just building a house on sand. Maybe ChaCha20 is
completely free of all exploits... It's new-ish, and no one has found any.

The API we really owe users is to create a class
random.BelievedSecureIn2015, and let users utilize that if they like. All
the rest of the proposals are just invitations to create more security
breaches... The specific thing that random.random and MT DOES NOT do.
On Sep 16, 2015 1:29 AM, "Cory Benfield" <cory at lukasa.co.uk> wrote:

> On 16 September 2015 at 08:43, David Mertz <mertz at gnosis.cx> wrote:
> > Hence I affirmatively PREFER a random module that explicitly proclaims
> that
> > it is non-cryptographic.  Someone who figures out enough to use
> > random.SystemRandom, or a future crypto.random, or the like is more
> likely
> > to think about why they are doing so, and what doing so does and does NOT
> > assure them off.
> And what about those that don't? Is our position here "screw 'em, and
> also screw their users"?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150916/00182a0e/attachment.html>

More information about the Python-ideas mailing list