Eric Smith wrote: > > Victor Stinner wrote: > >> I already patched the doc of the random module to add a security > >> warning. Well, you don't really need to know how a CSPRNG is > >> implemented, just that random cannot be used for security and that > >> ssl.RAND_bytes() raises an error if was seeded with enough data. > >> > >> Tell me if my warning is not clear: > >> > >> .. warning:: > >> > >> The generators of the :mod:`random` module should not be used for > >> security purposes, they are not cryptographic. Use ssl.RAND_bytes() > >> if you require a cryptographically secure pseudorandom number > >> generator. > > > > Looks good to me. Regarding style, you should probably make a link, > > like :func:`ssl.RAND_bytes()`. > > Does "are not cryptographic" have any meaning? (I'm not an expert, just > not sure). Should it not be "cryptographically secure", to match the next > sentence?
Or just remove ", they are not cryptographic" altogether? _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
