[Python-Dev] PEP 506 secrets module (original) (raw)
Serhiy Storchaka storchaka at gmail.com
Fri Oct 16 11:35:14 EDT 2015
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 16.10.15 09:57, Victor Stinner wrote:
I suggest to raise an error if tokenbytes(n) if calls with n < 16 bytes (128 bits). Well, I'm not sure that 16 is the good compromise between performance and security, but we must enforce users to use a minimum number of bits of entropy. tokenbytes(1) looks valid, even tokenbytes(0), according to the Python code in the PEP.
This will provoke to write code token_bytes(16)[:5].
I don't like the idea how having two functions doing almost the same thing: randint() and randrange(). There is a risk that these functions will be misused. I consider that I know some stuff on PRNG but I'm still confused by randint() and randrange(). Usually, I open python and type:
x=[s.randrange(1,6) for n in range(100)] min(x), max(x) (1, 5) Hum, ok, it's not a good dice :-) I probably wanted to use randint(). So I suggest to only add randint() to secrets.
I suggest to add only randrange(). randint() is historical artefact, we shouldn't repeat this mistake in new module. The secrets module is not good way to generate dice rolls. In most other cases you need to generate integers in half-open interval [0; N).
And randbelow() is absolute redundant. Random._randbelow() is implementation detail and I inclined to get rid of it (implementing randrange() in C instead).
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]