[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Nick Coghlan ncoghlan at gmail.com
Tue Sep 22 14:03:06 CEST 2015

On 22 September 2015 at 18:26, Jonas Wielicki <j.wielicki at sotecware.net> wrote:
> On 20.09.2015 02:27, Chris Angelico wrote:
>> My personal preference for shed colour: token_bytes returns a
>> bytestring, its length being the number provided. All the others
>> return Unicode strings, their lengths again being the number provided.
>> So they're all text bar the one that explicitly says it's in bytes.
> My personal preference would be for the number of bytes to rather
> reflect the entropy in the result. This would be a safer use when
> migrating from using e.g. token_url to token_alpha with the base32
> alphabet [1], for example because you want to have better readable tokens.

This isn't something to decide by personal preference, it's something
to be decide by considering the consequences of someone
misunderstanding the API and not noticing that the result isn't what
they expected.

Scenario 1: API specifies bytes of entropy

Consequence of misunderstanding: result is twice as long as expected,
with more entropy than expected

Scenario 2: API specifies length of result

Consequence of misunderstanding: result is half as long as expected,
with less entropy than expected

Scenario 1 fails safe, scenario 2 doesn't, so for the APIs that are
just reversible data transforms around os.urandom, it makes the most
sense to specify the number of bytes of entropy you want.

Building a password from an alphabet is different, as that involves
repeated applications of secrets.choice() to the given alphabet, so
you need to specify the result length directly.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-ideas mailing list