[Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.

Alex Gaynor alex.gaynor at gmail.com
Sat May 10 23:18:22 CEST 2014


Hi python-dev and Raymond,

I think this change is a considerable usability regression for the
documentation. Right now the warnings about CSPRNGs are hidden in the
introductory paragraph, which users are likely to skip. I agree that
there's no need to repeat the same advice twice, but I'd much rather we
kept the ".. warning:: " version, so users are more likely to actually read
it.

Also, there are a few errors with your commit message. First, we can
reasonably assert that urandom provides an acceptable CSPRNG, mostly
because it does on every platform I'm aware of. Second, urandom is still a
pseudo-random number generator, however they are cryptographically secure,
it's not "more random". Wikipedia does a good job laying out the necessary
properties for a CSPRNG:
https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Requirements

Cheers,
Alex


On Sat, May 10, 2014 at 2:05 PM, raymond.hettinger <
python-checkins at python.org> wrote:

> http://hg.python.org/cpython/rev/b466dc34b86e
> changeset:   90618:b466dc34b86e
> parent:      90616:ce070040e1a6
> user:        Raymond Hettinger <python at rcn.com>
> date:        Sat May 10 14:05:28 2014 -0700
> summary:
>   Remove the redundant and poorly worded warning message.
>
> The paragraph above already says, clearly and correctly, that
> "However, being completely deterministic, it is not suitable for
> all purposes, and is completely unsuitable for cryptographic purposes."
>
> Also we should make any promises about SystemRandom or os.urandom()
> being cryptographically secure (they may be, but we can't validate
> that promise).  Further, those are actual random number generators
> not pseudo-random number generators.
>
> files:
>   Doc/library/random.rst |  6 ------
>   1 files changed, 0 insertions(+), 6 deletions(-)
>
>
> diff --git a/Doc/library/random.rst b/Doc/library/random.rst
> --- a/Doc/library/random.rst
> +++ b/Doc/library/random.rst
> @@ -43,12 +43,6 @@
>  uses the system function :func:`os.urandom` to generate random numbers
>  from sources provided by the operating system.
>
> -.. warning::
> -
> -   The pseudo-random generators of this module should not be used for
> -   security purposes.  Use :func:`os.urandom` or :class:`SystemRandom` if
> -   you require a cryptographically secure pseudo-random number generator.
> -
>
>  Bookkeeping functions:
>
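Review bot: the six removed lines (the ``.. warning::`` block) are the only text visible here that both says the module's generators should not be used for security purposes and names :func:`os.urandom` / :class:`SystemRandom` as what to use instead; the surviving context lines only describe where SystemRandom gets its numbers. The redundancy argument in the commit message rests on a sentence in the paragraph above, which as quoted says the generator is unsuitable for cryptographic purposes but does not point to a replacement. Suggest keeping the admonition and trimming the duplicate wording from the introductory paragraph, or at least carrying the "Use os.urandom or SystemRandom" recommendation into the text that remains.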
>
> --
> Repository URL: http://hg.python.org/cpython
>


-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
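
The distinction argued in this message, as an added example that is not part of the original e-mail or of the CPython documentation: the default generator in ``random`` (Mersenne Twister) is fully determined by its seed or internal state, while ``SystemRandom`` and ``os.urandom`` keep no state in the process. ``ALPHABET``, ``token_from`` and the other function names are assumptions made for illustration.

```python
import os
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # constructed alphabet for the demo


def token_from(rng, length=16):
    """Draw a token from whichever generator is passed in."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def same_seed_same_token(seed):
    """random.Random is deterministic: equal seeds give equal tokens."""
    return token_from(random.Random(seed)) == token_from(random.Random(seed))


def copied_state_predicts_future(rounds=3):
    """Whoever holds the internal state reproduces every later output."""
    original = random.Random()  # seeded from the OS, deterministic afterwards
    clone = random.Random()
    clone.setstate(original.getstate())
    return all(token_from(original) == token_from(clone) for _ in range(rounds))


def system_random_exposes_no_state():
    """SystemRandom reads os.urandom() on each call; there is no state to copy."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False


def system_random_ignores_seed(seed):
    """Seeding SystemRandom is a no-op, so equal seeds do not give equal tokens."""
    return token_from(random.SystemRandom(seed)) != token_from(random.SystemRandom(seed))


def urandom_token(nbytes=16):
    """Token taken directly from the OS generator, hex-encoded."""
    return os.urandom(nbytes).hex()


if __name__ == "__main__":
    print("same seed, same token:        ", same_seed_same_token(2014))
    print("copied state predicts future: ", copied_state_predicts_future())
    print("SystemRandom exposes no state:", system_random_exposes_no_state())
    print("SystemRandom ignores its seed:", system_random_ignores_seed(2014))
    print("os.urandom token:             ", urandom_token())
```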