[Python-ideas] PEP 504: Using the system RNG by default
Antoine Pitrou
antoine at python.org
Fri Sep 18 17:50:42 CEST 2015
Nick Coghlan <ncoghlan at ...> writes:
>
> On 17 September 2015 at 04:55, Tim Peters <tim.peters at ...> wrote:
> > [Brett Cannon <brett at ...>]
> >> And if yes to a PEP, who's writing it? And then who is writing the
> >> implementation in the end?
> >
> > Did you just volunteer? Great! Thanks OK, Steven already
> > volunteered to write a PEP for his proposal.
>
> As far as implementation goes, based on a separate discussion at
> https://github.com/pyca/cryptography/issues/2347, I believe the
> essential cases can all be covered by:
>
> def random_bits(bits):
> return os.urandom(bits//8)
>
> def random_int(bits):
> return int.from_bytes(random_bits(bits), byteorder="big")
>
> def random_token(bits):
> return base64.urlsafe_b64encode(random_bits(bits)).decode("ascii")
>
> def random_hex_digits(bits):
> return binascii.hexlify(random_bits(bits)).decode("ascii")
I think you want a little bit more flexibility than that, because the
allowed characters may depend on the specific protocol (of course,
people can use the hex digits version, but the output is longer).
(quite a good idea, that "secrets" library - I wonder why nobody proposed
it before ;-))
Regards
Antoine.
More information about the Python-ideas
mailing list