[Python-ideas] Should our default random number generator be secure?

[Paul Moore]

On 9 September 2015 at 20:33, Stefan Krah <skrah at bytereef.org> wrote:
> Steven D'Aprano <steve at ...> writes:
>> Question, aimed at anyone, not necessarily random832 -- one desirable
>> property of PRNGs is that you can repeat a sequence of values if you
>> re-seed with a known value. Does arc4random keep that property? I think
>> that it is important that the default RNG be deterministic when given a
>> known seed. (I'm happy for the default seed to be unpredictable.)
>
> I think the removal of MT wasn't proposed (at least not by Theo).
> So we'd still have deterministic sequences in addition to
> arc4random.

I use a RNG quite often. Typically for simulations (games, dierolls,
card draws, that sort of thing). Sometimes for many millions of
results (Monte Carlo simulations, for example). I would always just
use the default RNG supplied by the stdlib - I view my use case as
"normal use" and wouldn't go looking for specialist answers. I'd
occasionally look for reproducibility, although it's not often a key
requirement for me (I would expect it as an option from the stdlib
RNG, though).

Anyone doing crypto who doesn't fully appreciate that it's a
specialist subject and that they should be looking for a dedicated RNG
suitable for crypto, is probably going to make a lot of *other*
mistakes as well. Leading them away from this one probably isn't going
to be enough to make their code something I'd want to use...

So as a user, I'm against making a change like this. Let the default
RNG in the stdlib be something suitable for simulations, "pick a
random question", and similar situations, and provide a crypto-capable
RNG for those who need it, but not as the default. (I am, of course,
assuming that it's not possible to have a single RNG that is the best
option for both uses - nobody on this thread seems to have suggested
that I'm wrong in this assumption).

Paul