Message267978
I +1 on new functions that are designated the best-practice places to get your pseudo-random numbers.
(IDK if the best place for both is in random; maybe the crypto one should be in secrets?)
To be precise: on most OSes what you're calling "crypto random data" is actually "crypto-quality pseudo-random data". Very few platforms provide genuine random data--rather, they seed a CPRNG and give you data from that. (And then the cryptographers have endless arguments about whether the CPRNG is really crypto-safe.)
I'm -1 on actually deprecating os.urandom(). It should be left alone, as a thin wrapper around /dev/urandom. I imagine your cryptorandom() and pseudorandom() functions would usually be written in Python and just import and use the appropriate function on a platform-by-platform basis. |
|
Date |
User |
Action |
Args |
2016-06-09 08:07:01 | larry | set | recipients:
+ larry, lemburg, christian.heimes |
2016-06-09 08:07:01 | larry | set | messageid: <1465459621.0.0.949649488814.issue27279@psf.upfronthosting.co.za> |
2016-06-09 08:07:00 | larry | link | issue27279 messages |
2016-06-09 08:07:00 | larry | create | |
|