[Python-ideas] PEP 504: Using the system RNG by default

Paul Moore p.f.moore at gmail.com
Wed Sep 16 20:08:20 CEST 2015


On 16 September 2015 at 16:54, Steven D'Aprano <steve at pearwood.info> wrote:
> If there is interest in this proposed secrets module, I'll write up a
> proto-PEP over the weekend, and start a new thread for the benefit of
> those who have muted this one.

I love this idea. The name is perfect, and your motivational
discussion fits exactly how I think we should be approaching security.

Would it also be worth having secrets.password(alphabet, length) -
generate a random password of length "length" from alphabet
"alphabet". It's not going to cover every use case, but it immediately
becomes the obvious answer to all those "how do I generate a password"
SO questions people keep pointing at.

Also, a backport version could be made available via PyPI.

I don't see why the module couldn't use random.SystemRandom as its
CSPRNG (and as a result be pure Python) but that can be an
implementation detail the security specialists can argue over if they
want. No need to expose it here (although if it's useful, republishing
(some more of) its API without exposing the implementation, just like
the proposed secrets.choice, would be fine).

Paul.
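An added example, not part of the original message and not code from the Python project: a sketch of the `password(alphabet, length)` helper floated above, built on `random.SystemRandom` as the message suggests, next to a seeded default-generator version for contrast. The function names, the `ALPHABET` constant and the validation rules are assumptions made for illustration.

```python
import math
import random
import string

ALPHABET = string.ascii_letters + string.digits  # constructed sample alphabet

# SystemRandom draws from os.urandom(); it keeps no seedable state.
_sysrand = random.SystemRandom()


def password(alphabet, length):
    """Hypothetical password(alphabet, length) helper backed by the OS CSPRNG."""
    symbols = sorted(set(alphabet))  # duplicate symbols would bias the draw
    if len(symbols) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(_sysrand.choice(symbols) for _ in range(length))


def entropy_bits(alphabet, length):
    """Entropy of a uniform draw: length * log2(number of distinct symbols)."""
    return length * math.log2(len(set(alphabet)))


def mt_password(alphabet, length, seed):
    """Contrast case: the default Mersenne Twister generator with a known seed.
    The same seed always yields the same 'password'."""
    rng = random.Random(seed)
    return "".join(rng.choice(alphabet) for _ in range(length))


def seed_is_ignored():
    """SystemRandom.seed() is a stub, so re-seeding does not repeat output."""
    _sysrand.seed(1234)
    first = password(ALPHABET, 32)
    _sysrand.seed(1234)
    second = password(ALPHABET, 32)
    return first != second


if __name__ == "__main__":
    print(password(ALPHABET, 16), round(entropy_bits(ALPHABET, 16), 1), "bits")
    print("seeded MT repeats:", mt_password(ALPHABET, 16, 42) == mt_password(ALPHABET, 16, 42))
    print("SystemRandom ignores seed:", seed_is_ignored())
```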

