[Python-ideas] Python's Source of Randomness and the random.py module Redux
Paul Moore
p.f.moore at gmail.com
Fri Sep 11 10:11:37 CEST 2015
On 10 September 2015 at 23:46, Andrew Barnert <abarnert at yahoo.com> wrote:
> On Sep 10, 2015, at 07:21, Donald Stufft <donald at stufft.io> wrote:
>>
>> Either we can change the default to a secure
>> CSPRNG and break these functions (and the people using them) which is however
>> easily fixed by changing ``import random`` to
>> ``import random; random = random.DeterministicRandom()``
>
> But that isn't a fix, unless all your code is in a single module. If I call random.seed in game.py and then call random.choice in aiplayer.py, I'll get different results after your fix than I did before.
Note that this is another case of wanting "correct by default".
Requiring the user to pass around a RNG object makes it easy to do the
wrong thing - because (as above) people can too easily create multiple
independent RNGs by mistake, which means your numbers don't
necessarily satisfy the randomness criteria any more.
"Secure by default" isn't (and shouldn't be) the only example of
"correct by default" that matters here. Whether "secure" is more
important than "gives the right results" is a matter of opinion, and
application dependent. Password generators have more need to be secure
than to be mathematically random, Monte Carlo simulations (and to a
lesser extent games) the other way around. Many things care about
neither.
If we can't manage "correct and secure by default", someone (and it
won't be me) has to decide which end of the scale gets preference.
Paul.
More information about the Python-ideas
mailing list