[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Steven D'Aprano steve at pearwood.info
Mon Sep 21 18:10:59 CEST 2015

On Sat, Sep 19, 2015 at 06:40:32PM -0500, Tim Peters wrote:
> [Guido]
> > Thanks! I'd accept this (and I'd reject 504 at the same time). I like the
> > secrets name. I wonder though, should the PEP propose a specific set of
> > functions? (With the understanding that we might add more later.)
> The bikeshedding on that will be far more tedious than the
> implementation.  I'll get it started :-)
> No attempt to be minimal here.  More-than-less "obvious" is more important:
> Bound methods of a SystemRandom instance
>     .randrange()
>     .randint()
>     .randbits()
>         renamed from .getrandbits()
>     .randbelow(exclusive_upper_bound)
>         renamed from private ._randbelow()
>     .choice()

While we're bike-shedding, I don't know that I like the name randbits, 
since that always makes me expect a sequence of 0, 1 bits. But that's a 
minor point.

When would somebody use randbelow(n) rather than randrange(n)?

Apart from the possible redundancy between rand[below|range], all the 
above seem reasonable to me.

Are there use-cases for a strong random float between 0 and 1? If 
so, is it sufficient to say secrets.randbelow(sys.maxsize)/sys.maxsize, 
or should we offer secrets.random() and/or secrets.uniform(a, b)?

>  Token functions
>     .token_bytes(nbytes)
>         another name for os.urandom()
>     .token_hex(nbytes)
>         same, but return string of ASCII hex digits
>     .token_url(nbytes)
>         same, but return URL-safe base64-encoded ASCII

I suggest adding a default length, say nbytes=32, with a note that the 
default length is expected to increase in the future. Otherwise, how 
will the naive user know what counts as a good, hard-to-attack length?

All of the above look good to me.

>     .token_alpha(alphabet, nchars)
>         string of `nchars` characters drawn uniformly
>         from `alphabet`

What is the intention for this function? To use as passwords? Other than 
that, it's not obvious to me what that would be used for.


More information about the Python-ideas mailing list