[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library
steve at pearwood.info
Mon Sep 21 18:22:26 CEST 2015
On Sun, Sep 20, 2015 at 09:00:08AM +0300, Serhiy Storchaka wrote:
> On 20.09.15 02:40, Tim Peters wrote:
> >No attempt to be minimal here. More-than-less "obvious" is more important:
> >Bound methods of a SystemRandom instance
> > .randrange()
> > .randint()
> > .randbits()
> > renamed from .getrandbits()
> > .randbelow(exclusive_upper_bound)
> > renamed from private ._randbelow()
> > .choice()
> randbelow() is just an alias for randrange() with single argument.
> randint(a, b) == randrange(a, b+1).
> These functions are redundant and they have non-zero cost.
But they already exist in the random module, so adding them to secrets
doesn't cost anything extra. It's just a reference to the bound method
of the private SystemRandom() instance:
# suggested implementation
_systemrandom = random.SystemRandom()
randrange = _systemrandom.randrange
> Would not renaming getrandbits be confused?
> > Token functions
> > .token_bytes(nbytes)
> > another name for os.urandom()
> > .token_hex(nbytes)
> > same, but return string of ASCII hex digits
> > .token_url(nbytes)
> > same, but return URL-safe base64-encoded ASCII
> > .token_alpha(alphabet, nchars)
> > string of `nchars` characters drawn uniformly
> > from `alphabet`
> token_hex(nbytes) == token_alpha('0123456789abcdef', nchars) ?
> token_url(nbytes) == token_alpha(
> nchars) ?
They may be reasonable implementations for the functions, but simple as
they are, I think we still want to provide them as named functions
rather than expect the user to write things like the above. If they're
doing it more than once, they'll want to write a helper function, we
might as well provide that for them.
More information about the Python-ideas