[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Chris Angelico rosuav at gmail.com
Mon Sep 21 18:50:56 CEST 2015

On Tue, Sep 22, 2015 at 2:10 AM, Steven D'Aprano <steve at pearwood.info> wrote:
> Are there use-cases for a strong random float between 0 and 1? If
> so, is it sufficient to say secrets.randbelow(sys.maxsize)/sys.maxsize,
> or should we offer secrets.random() and/or secrets.uniform(a, b)?

I would be leery of such a function, because it'd be hard to define it
perfectly. Tell me, crypto wonks: If I have a function randfloat()
that returns 0.0 <= x < 1.0, is it safe to use it like this:

# Generate an integer 0 <= x < 12345, uniformly distributed
uniform = int(randfloat() * 12345)
# Ditto but on a logarithmic distribution
log = math.exp(randfloat() * math.log(12345))
# Double-logarithmic
loglog = math.exp(math.exp(randfloat() * math.log(math.log(12345))))

If it's producing a random *real number* 0 <= x < 1, then these should
be valid. But given the differences between floats and reals, I would
be worried that this kind of usage would introduce an unexpected bias.
Obviously the first example is much better spelled randbelow or
randrange, but for more complicated examples, grabbing a random float
would look like the best way to do it. Will it? Always?

Not being a crypto wonk myself, I can't know what's safe and what
isn't. If Python is going to offer a new module with the (implicit or
explicit) recommendation "use this for all your cryptographic
entropy", it needs to be 100% reliable.


More information about the Python-ideas mailing list