[Python-Dev] PEP 506 secrets module
Nick Coghlan
ncoghlan at gmail.com
Tue Oct 20 05:56:37 EDT 2015
More information about the Python-Dev mailing list
Tue Oct 20 05:56:37 EDT 2015
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 20 October 2015 at 11:33, Victor Stinner <victor.stinner at gmail.com> wrote: > 2015-10-20 11:11 GMT+02:00 Nick Coghlan <ncoghlan at gmail.com>: >> Folks wanting to simulate die rolls should be using the random module >> rather than the secrets module anyway, > > Hum, why? Dices are used in Casino where security matters because it > costs money. True, I was thinking of just-for-fun games, but in gambling games unbiased randomness can be significantly more important. > A bad API can be more likely misused and introduce security > vulnerability. The C rand() API is a good example: 1+rand()%6 is not > uniform... "1 + secrets.randbelow(6)" would be uniform, though. As Tim pointed out, the *lack* of flexibility in randbelow() is a feature here, since it focuses on producing a uniformly random distribution of a given size, which can then be transformed deterministically. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list