[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library
Serhiy Storchaka
storchaka at gmail.com
Mon Sep 21 22:12:28 CEST 2015
On 21.09.15 19:22, Steven D'Aprano wrote:
> On Sun, Sep 20, 2015 at 09:00:08AM +0300, Serhiy Storchaka wrote:
>> On 20.09.15 02:40, Tim Peters wrote:
>>> No attempt to be minimal here. More-than-less "obvious" is more important:
>>>
>>> Bound methods of a SystemRandom instance
>>> .randrange()
>>> .randint()
>>> .randbits()
>>> renamed from .getrandbits()
>>> .randbelow(exclusive_upper_bound)
>>> renamed from private ._randbelow()
>>> .choice()
>>
>> randbelow() is just an alias for randrange() with single argument.
>> randint(a, b) == randrange(a, b+1).
>>
>> These functions are redundant and they have non-zero cost.
>
> But they already exist in the random module, so adding them to secrets
> doesn't cost anything extra.
The main cost is learning and memorising cost. The fewer words you need
to learn and keep in memory the better.
>> Would not renaming getrandbits be confused?
>>
>>> Token functions
>>> .token_bytes(nbytes)
>>> another name for os.urandom()
>>> .token_hex(nbytes)
>>> same, but return string of ASCII hex digits
>>> .token_url(nbytes)
>>> same, but return URL-safe base64-encoded ASCII
>>> .token_alpha(alphabet, nchars)
>>> string of `nchars` characters drawn uniformly
>>> from `alphabet`
>>
>> token_hex(nbytes) == token_alpha('0123456789abcdef', nchars) ?
>> token_url(nbytes) == token_alpha(
>> 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
>> nchars) ?
>
> They may be reasonable implementations for the functions, but simple as
> they are, I think we still want to provide them as named functions
> rather than expect the user to write things like the above. If they're
> doing it more than once, they'll want to write a helper function, we
> might as well provide that for them.
But why these particular alphabets are special? I expect that every
application will use the alphabet that matches its needs. One needs
decimal digits ('0123456789'), other needs English letters
('ABCDEFGHIJKLMNOPQRSTUVWXYZ'), or letters and digits and underscore, or
letters, digits and punctuation, or all safe ASCII characters, or all
well graphical distinguished characters. Why token_hex and token_url,
but not token_digits, token_letters, token_identifier, token_base32,
token_base85, token_html_safe, etc?
More information about the Python-ideas
mailing list