[Python-Dev] PEP 506 secrets module
Brian Gladman
brg at gladman.plus.com
Sat Oct 17 07:14:14 EDT 2015
More information about the Python-Dev mailing list
Sat Oct 17 07:14:14 EDT 2015
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> On Sat, Oct 17, 2015 at 03:26:46AM +1100, Steven D'Aprano wrote: [snip] > But significanly, only *one* of the commenters has claimed to have > any significant experience in crypto work, and I will quote him: I didn't specifically claim the experience you requested in responding to your post on comp.lang.python because I thought that this was implied in making a response. In fact I have 30+ years of experience in implementing cryptographic code (much involving random numbers) so there were at least two respondents who could have made this claim. For the record, I consider it desirable in code involving security to exhibit the minimum functionality neccessary to get a job done. This is because funtionality and security very often work against each other in building secure systems. I hence support your conclusion that the module should offer randbelow alone. I would oppose offering randomrange (or offering more than one of them) since this will pretty well guarantee that, sooner or later, someone will make a mistake in using the extra functionality and possibly deploy an insecure application as a result. Brian Gladman
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list