[Python-ideas] Should our default random number generator be secure?
Serhiy Storchaka
storchaka at gmail.com
Wed Sep 9 19:18:39 CEST 2015
On 09.09.15 19:35, Guido van Rossum wrote:
> I've invited Theo to join this list but he's too busy. The two core
> Python experts on the random module have given me opinions suggesting
> that there's not much wrong with MT, so here I am. Who is right? What
> should we do? Is there anything we need to do?
Entropy -- limited and slowly recoverable resource (especially if there
is no network activity). If you consume it too quickly (for example in a
scientific simulation or in a game), it will not have time to recover,
that will slow down not only your program, but all consumers of entropy.
The use of random.SystemRandom by default looks dangerous. It is
unlikely that all existing programs will be rewritten to use
random.FastInsecureRandom.
More information about the Python-ideas
mailing list