Home Original page

Message 267978 - Python tracker

Message267978

Author larry
Recipients christian.heimes, larry, lemburg
Date 2016-06-09.08:07:00
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465459621.0.0.949649488814.issue27279@psf.upfronthosting.co.za>
In-reply-to
Content 
I +1 on new functions that are designated the best-practice places to get your pseudo-random numbers.

(IDK if the best place for both is in random; maybe the crypto one should be in secrets?)

To be precise: on most OSes what you're calling "crypto random data" is actually "crypto-quality pseudo-random data".  Very few platforms provide genuine random data--rather, they seed a CPRNG and give you data from that.  (And then the cryptographers have endless arguments about whether the CPRNG is really crypto-safe.)

I'm -1 on actually deprecating os.urandom().  It should be left alone, as a thin wrapper around /dev/urandom.  I imagine your cryptorandom() and pseudorandom() functions would usually be written in Python and just import and use the appropriate function on a platform-by-platform basis.
History
Date User Action Args
2016-06-09 08:07:01larrysetrecipients: + larry, lemburg, christian.heimes
2016-06-09 08:07:01larrysetmessageid: <1465459621.0.0.949649488814.issue27279@psf.upfronthosting.co.za>
2016-06-09 08:07:00larrylinkissue27279 messages
2016-06-09 08:07:00larrycreate