[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Jonas Wielicki j.wielicki at sotecware.net
Tue Sep 22 10:26:13 CEST 2015

On 20.09.2015 02:27, Chris Angelico wrote:
> On Sun, Sep 20, 2015 at 10:19 AM, Tim Peters <tim.peters at gmail.com> wrote:
>> [Chris Angelico <rosuav at gmail.com>]
>>> token_bytes "obviously" should return a bytes,
>> Which os.urandom() does in Python 3.  I'm not writing docs, just
>> suggesting the functions.
>>> and token_alpha equally obviously should be returning a str.
>> Which part of "string" doesn't suggest "str"?
>>> (Or maybe it should return the same type as alphabet, which
>>> could be either?)
>>> : What about the other two?
>> Which part of "ASCII" is ambiguous?
>>> Also, if you ask for 4 bytes from token_hex, do you get 4 hex
>>> digits or 8 (four bytes of entropy)?
>> And which part of "same"?  ;-)
>> Bikeshed away.;  I'm outta this now ;-)
> Heh :)
> My personal preference for shed colour: token_bytes returns a
> bytestring, its length being the number provided. All the others
> return Unicode strings, their lengths again being the number provided.
> So they're all text bar the one that explicitly says it's in bytes.

My personal preference would be for the number of bytes to rather
reflect the entropy in the result. This would be a safer use when
migrating from using e.g. token_url to token_alpha with the base32
alphabet [1], for example because you want to have better readable tokens.

Speaking of which, a token_base32 would probably make sense, too.


   [1]: https://philzimmermann.com/docs/human-oriented-base-32-encoding.txt

More information about the Python-ideas mailing list