[Python-Dev] PEP 506 secrets module (original) (raw)
Brian Gladman brg at gladman.plus.com
Sat Oct 17 07:14:14 EDT 2015
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, Oct 17, 2015 at 03:26:46AM +1100, Steven D'Aprano wrote:
[snip]
But significanly, only one of the commenters has claimed to have any significant experience in crypto work, and I will quote him:
I didn't specifically claim the experience you requested in responding to your post on comp.lang.python because I thought that this was implied in making a response.
In fact I have 30+ years of experience in implementing cryptographic code (much involving random numbers) so there were at least two respondents who could have made this claim.
For the record, I consider it desirable in code involving security to exhibit the minimum functionality neccessary to get a job done. This is because funtionality and security very often work against each other in building secure systems.
I hence support your conclusion that the module should offer randbelow alone. I would oppose offering randomrange (or offering more than one of them) since this will pretty well guarantee that, sooner or later, someone will make a mistake in using the extra functionality and possibly deploy an insecure application as a result.
Brian Gladman
- Previous message (by thread): [Python-Dev] PEP 506 secrets module
- Next message (by thread): [Python-Dev] PEP 506 secrets module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]