[Python-ideas] PEP 504: Using the system RNG by default
Sturla Molden
sturla.molden at gmail.com
Tue Sep 15 17:40:57 CEST 2015
On 15/09/15 16:47, Nick Coghlan wrote:
> * providing random.system and random.seedable submodules so you can
> explicitly opt in to using the one you want without having to manage
> your own RNG instances
I do not think these names are helpful. The purpose was to increase
security, not confuse the user even more. What does "seedable" mean?
Secure as in ChaCha20? Insecure as in MT19937? Something else? A name
like "seedable" does not convey any useful information about the
security to an un(der)informed web developer. A name like
"random.system" does not convey any information about numerical
applicability to an un(der)informed researcher.
The module names should rather indicate how the generators are intended
to be used. I suggest:
random.crypto.* (os.urandom, ChaCha20, Arc4Random)
random.numeric.* (Mersenne Twister, PCG, XorShift)
Deprecate random.random et al. with a visible warning. That should
convey the message.
Sturla
More information about the Python-ideas
mailing list