[Python-ideas] PEP 506 (secrets module) and token functions

Serhiy Storchaka storchaka at gmail.com
Sat Sep 26 15:56:09 CEST 2015


On 26.09.15 16:07, Steven D'Aprano wrote:
> Question one:
>
> - token_bytes obviously should return bytes. What should the others
>    return, bytes or str?

Why not leave conversion to the user? You can provide simple recipes 
in the documentation.

import base64
from secrets import token_bytes  # the proposed secrets.token_bytes

def token_hex(nbytes):
    # two hex digits per random byte; returns str
    return token_bytes(nbytes).hex()

def token_url(nbytes):
    # URL-safe base64 with the '=' padding stripped; returns bytes
    return base64.urlsafe_b64encode(token_bytes(nbytes)).rstrip(b'=')

We don't know what functions are needed by users. After the secrets 
module is widely used, we could gather the statistics of most popular 
patterns and add some of them in the stdlib.

> Question two:
>
> - Many people will have no idea how many bytes should be used to be
>    confident that it will be hard for an attacker to guess. Earlier, I
>    suggested that the three functions include default values for nbytes,
>    and there were no objections. Do we have consensus on this, and if so,
>    what default value should we use?

I would make the nbytes argument mandatory, and expose recommended 
values in examples.

>>> secrets.token_bytes(32)
b'\xf8\x80Ejh\x1ck\xfbL\xc3l\xd3ev\x1bT\xbe\x983\x072\xbbP\xe2\xee\xf8\xdc\xaf\xe4\xddJ#'
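The two recipes above, worked through as an added example (this code is not from the post or from the PEP; it assumes the now-standard secrets.token_bytes, and the helper names decode_token_url, is_url_safe, check_recipes and entropy_bits are my own). It decodes token_url output back to the original bytes by restoring the stripped padding, checks that the result uses only the URL-safe alphabet, and reports how many characters each recipe produces for a given nbytes so the "how many bytes" question can be reasoned about in bits:

```python
import base64
import secrets
import string

# Characters allowed by RFC 4648 URL-safe base64 (no '=' once padding is stripped).
URL_SAFE_ALPHABET = frozenset(string.ascii_letters + string.digits + "-_")


def token_hex(nbytes):
    # Two hex digits per random byte; returns str.
    return secrets.token_bytes(nbytes).hex()


def token_url(nbytes):
    # URL-safe base64 without '=' padding, decoded to str for direct use in URLs.
    raw = base64.urlsafe_b64encode(secrets.token_bytes(nbytes))
    return raw.rstrip(b"=").decode("ascii")


def decode_token_url(token):
    # Restore the padding token_url stripped (length must be a multiple of 4),
    # then decode back to the original random bytes.
    padding = "=" * (-len(token) % 4)
    return base64.urlsafe_b64decode(token + padding)


def is_url_safe(token):
    # True when every character is in the URL-safe base64 alphabet.
    return all(ch in URL_SAFE_ALPHABET for ch in token)


def check_recipes(nbytes):
    """Return (hex_len, url_len, round_trip_ok, url_safe_ok) for nbytes random bytes."""
    h = token_hex(nbytes)
    u = token_url(nbytes)
    raw = decode_token_url(u)
    return (len(h), len(u), len(raw) == nbytes, is_url_safe(u))


def entropy_bits(nbytes):
    # Each byte from the OS CSPRNG contributes 8 bits, so a 32-byte token is 256 bits.
    return 8 * nbytes


if __name__ == "__main__":
    for n in (16, 32):
        print(n, "bytes ->", check_recipes(n), "=", entropy_bits(n), "bits")
```

The lengths are deterministic even though the tokens are not: 16 bytes give 32 hex characters and 22 URL-safe characters, 32 bytes give 64 and 43. Keeping the decode step next to the encode step is what makes stripping the padding safe; a consumer that needs the raw bytes back must re-add it.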

More information about the Python-ideas mailing list