[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library
Steven D'Aprano
steve at pearwood.info
Mon Sep 21 19:55:40 CEST 2015
On Tue, Sep 22, 2015 at 02:50:56AM +1000, Chris Angelico wrote:
> On Tue, Sep 22, 2015 at 2:10 AM, Steven D'Aprano <steve at pearwood.info> wrote:
> > Are there use-cases for a strong random float between 0 and 1? If
> > so, is it sufficient to say secrets.randbelow(sys.maxsize)/sys.maxsize,
> > or should we offer secrets.random() and/or secrets.uniform(a, b)?
>
> I would be leery of such a function, because it'd be hard to define it
> perfectly. Tell me, crypto wonks: If I have a function randfloat()
> that returns 0.0 <= x < 1.0, is it safe to use it like this:
>
> # Generate an integer 0 <= x < 12345, uniformly distributed
> uniform = int(randfloat() * 12345)
> # Ditto but on a logarithmic distribution
> log = math.exp(randfloat() * math.log(12345))
> # Double-logarithmic
> loglog = math.exp(math.exp(randfloat() * math.log(math.log(12345))))
I'm satisfied by Nick's response to you, which also implies an answer to
my question: there is no good use-case for a strong random float and no
need for secrets.random().
The main reason I asked is because Ruby's SecureRandom.random_number()
optionally returns a float between 0 and 1.
--
Steve
More information about the Python-ideas
mailing list