[Raymond Hettinger] > ... > I'm not all at comfortable with the wording of the second sentence. > I was the author of the SystemRandom() class and I only want > to guarantee that it provides access to the operating system's > source of random numbers. It is a bold claim to guarantee that > it is cryptographically secure (many such claims in the past have > turned-out to be false). We don't really know what it is going to > do on a VM for example. > > Also, I don't want to call SystemRandom() a pseudo-random number > generator. It purports to be an actual random number generator > (or at least it purports to have used some real source of entropy at > some stage). To me (the module maintainer), that is an important > distinction.
It should be sufficient to say that SystemRandom() inherits all the properties of the operating system's os.urandom() implementation, yes? Since Python has nothing to do with that, it's most accurate and helpful to tell the user to refer to their OS urandom docs. On all platforms I'm aware of (two ;-)), urandom() is in fact a CSPRNG, not an "actual random number generator". That's why urandom() can get away with never blocking, potentially producing bits far faster than the system random() can accumulate fresh entropy. But all the hideous details don't belong in the Python docs - they belong in the OS's urandom docs. A phrasing I've found helpful is to tell users that "urandom() is as secure as the people who wrote your operating system knew how to make it". Linux users smile then, and Windows users groan ;-) _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com