[Python-ideas] PEP 504: Using the system RNG by default

[Tim Peters]

[Tim]
>> ....
>> Note that, in context, "saferandom" _would_ be a standard module in a
>> future Python 3 feature release.  But it _could_ be used literally
>> tomorrow by anyone who wanted a head start, whether in a current
>> Python 2 or Python 3.


[Brett Cannon <brett at python.org>]
> +1 on the overall idea, although I would rather the module be named
> random.safe in the stdlib ("namespaces are one honking great idea"

Ah, grasshopper, there's a reason that one is last in PEP 20.  "Flat
is better than nested" is the one - and only one - that _obviously_
applies here ;-)


> and it helps keep the "safer" version of random near the "unsafe" version
> in the module index which makes discovery easier). And as long as the
> version on PyPI stays Python 2/3 compatible people can just rely on the
> saferandom name until they drop Python 2 support and then just update
>  their imports.

I'd much rather see Steven D'Aprano's "secrets" idea pursued:  solve
"the problems" on their own terms directly.

> ...
> So, a PEP for this to propose which random algorithm to use (I have at least
> heard chacha/ch4random and some AES thing bandied about as being fast)?

os.urandom() is the obvious thing to build on, and it's already there.
If alternatives are desired (which they may well be - .urandom() is
sloooooooow on many systems), that can be addressed
later.  Before then, speed probably doesn't matter for most plausibly
appropriate uses.


> And if yes to a PEP, who's writing it? And then who is writing the
> implementation in the end?

Did you just volunteer?  Great!  Thanks ;-)  OK, Steven already
volunteered to write a PEP for his proposal.