[Python-Dev] PEP 506 secrets module

Nick Coghlan ncoghlan at gmail.com
Tue Oct 20 05:56:37 EDT 2015


On 20 October 2015 at 11:33, Victor Stinner <victor.stinner at gmail.com> wrote:

> 2015-10-20 11:11 GMT+02:00 Nick Coghlan <ncoghlan at gmail.com>:
>
>> Folks wanting to simulate die rolls should be using the random module
>> rather than the secrets module anyway,
>
> Hum, why? Dice are used in casinos, where security matters because it costs money.

True, I was thinking of just-for-fun games, but in gambling games unbiased randomness can be significantly more important.

> A bad API is more likely to be misused and to introduce a security vulnerability. The C rand() API is a good example: 1+rand()%6 is not uniform...

"1 + secrets.randbelow(6)" would be uniform, though. As Tim pointed out, the lack of flexibility in randbelow() is a feature here, since it focuses on producing a uniformly random distribution of a given size, which can then be transformed deterministically.

Cheers, Nick.

-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
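The bias discussed in this message, worked through as an added example that is not part of the original thread: it computes the exact face probabilities of `1 + rand() % 6` and shows the rejection-sampling idea that lets a `randbelow()`-style call stay uniform. `RAND_MAX = 32767` is an assumed value (the minimum the C standard allows), and the helper names are hypothetical.

```python
import secrets
from collections import Counter
from fractions import Fraction

RAND_MAX = 32767  # assumption: smallest RAND_MAX permitted by the C standard


def modulo_die_distribution(rand_max=RAND_MAX, sides=6):
    """Exact probability of each face for the C idiom 1 + rand() % sides."""
    total = rand_max + 1
    counts = Counter(1 + r % sides for r in range(total))
    return {face: Fraction(n, total) for face, n in sorted(counts.items())}


def randbelow_from_bits(n, getrandbits=secrets.randbits):
    """Uniform integer in [0, n) by rejection sampling (illustrative helper).

    Draw just enough bits to cover n and discard any draw >= n, so every
    accepted value is equally likely instead of folding the excess back in.
    """
    k = n.bit_length()
    r = getrandbits(k)
    while r >= n:
        r = getrandbits(k)
    return r


def accepted_outcomes(n):
    """How many k-bit draws map to each result after rejection (always 1)."""
    k = n.bit_length()
    return dict(Counter(r for r in range(2 ** k) if r < n))


def roll_die(sides=6):
    """Uniform die roll, transformed deterministically from randbelow()."""
    return 1 + secrets.randbelow(sides)


if __name__ == "__main__":
    for face, p in modulo_die_distribution().items():
        print(f"rand()%6 face {face}: {p.numerator}/{p.denominator}")
    print("rejection sampling, draws per outcome:", accepted_outcomes(6))
    print("sample rolls:", [roll_die() for _ in range(10)])
```

With 32768 possible `rand()` values and 6 faces, two faces get one extra preimage each; the skew grows as the number of outcomes approaches the generator's range.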


