[Python-ideas] PEP 506 (secrets module) and token functions

Steven D'Aprano steve at pearwood.info
Sat Sep 26 15:07:15 CEST 2015

I'm looking for guidance and/or consensus on two issues regarding token* 
functions in secrets: output type, and default values.

The idea is that the module will include a few functions for generating 
tokens, suitable for (say) password recovery, with the 
following signatures:

def token_bytes(nbytes:int) -> bytes:
    """Return nbytes random bytes."""

def token_hex(nbytes:int) -> ???? :
    """Return nbytes random bytes, encoded to hex"""

def token_url(nbytes:int) -> ???? :
    """Return nbytes random bytes, URL-safe base64 encoded."""

Question one:

- token_bytes obviously should return bytes. What should the others 
  return, bytes or str?

Question two:

- Many people will have no idea how many bytes should be used to be 
  confident that it will be hard for an attacker to guess. Earlier, I
  suggested that the three functions include default values for nbytes, 
  and there were no objections. Do we have consensus on this, and if so, 
  what default value should we use?

Question three:

- If we have default values, do we need some sort of documented 
  exception to the general backwards-compatibility requirement?

E.g. suppose we release the module in 3.6.0 with defaults of 32 bytes, 
and in 3.6.2 we discover that's too small and we should have used 64 
bytes. Can we change the default in 3.6.3 without notice?


More information about the Python-ideas mailing list