[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Serhiy Storchaka storchaka at gmail.com
Mon Sep 21 22:16:52 CEST 2015

On 21.09.15 19:29, Robert Kern wrote:
> On 2015-09-21 17:22, Steven D'Aprano wrote:
>> On Sun, Sep 20, 2015 at 09:00:08AM +0300, Serhiy Storchaka wrote:
>>> On 20.09.15 02:40, Tim Peters wrote:
>>>>   Token functions
>>>>      .token_bytes(nbytes)
>>>>          another name for os.urandom()
>>>>      .token_hex(nbytes)
>>>>          same, but return string of ASCII hex digits
>>>>      .token_url(nbytes)
>>>>          same, but return URL-safe base64-encoded ASCII
>>>>      .token_alpha(alphabet, nchars)
>>>>          string of `nchars` characters drawn uniformly
>>>>          from `alphabet`
>>> token_hex(nbytes) == token_alpha('0123456789abcdef', nchars) ?
>>> token_url(nbytes) == token_alpha(
>>>      'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
>>>       nchars) ?
>> They may be reasonable implementations for the functions, but simple as
>> they are, I think we still want to provide them as named functions
>> rather than expect the user to write things like the above. If they're
>> doing it more than once, they'll want to write a helper function, we
>> might as well provide that for them.
> Actually, I don't think those are the semantics that Tim intended.
> Rather, token_hex(nbytes) would return a string twice as long as nbytes.
> The idea is that you want to get nbytes-worth of random bits, just
> encoded in a common "safe" format. Similarly, token_url(nbytes) would
> get nbytes of random bits then base64-encode it, not just pick nbytes
> characters from a URL-safe list of characters. This makes it easier to
> reason about how much entropy you are actually using.

Looks as the semantic of these functions is not so obvious.

May be add generic function that encodes a sequence of bytes with 
specified alphabet?

More information about the Python-ideas mailing list