> Victor Stinner wrote: >> I already patched the doc of the random module to add a security >> warning. Well, you don't really need to know how a CSPRNG is >> implemented, just that random cannot be used for security and that >> ssl.RAND_bytes() raises an error if was seeded with enough data. >> >> Tell me if my warning is not clear: >> >> .. warning:: >> >> The generators of the :mod:`random` module should not be used for >> security purposes, they are not cryptographic. Use ssl.RAND_bytes() >> if you require a cryptographically secure pseudorandom number >> generator. > > Looks good to me. Regarding style, you should probably make a link, > like :func:`ssl.RAND_bytes()`.
Does "are not cryptographic" have any meaning? (I'm not an expert, just not sure). Should it not be "cryptographically secure", to match the next sentence? Eric. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
