On 05/25/2011 06:58 AM, Petri Lehtinen wrote: > Eric Smith wrote: >>> Victor Stinner wrote: >>>> I already patched the doc of the random module to add a security >>>> warning. Well, you don't really need to know how a CSPRNG is >>>> implemented, just that random cannot be used for security and that >>>> ssl.RAND_bytes() raises an error if was seeded with enough data. >>>> >>>> Tell me if my warning is not clear: >>>> >>>> .. warning:: >>>> >>>> The generators of the :mod:`random` module should not be used for >>>> security purposes, they are not cryptographic. Use ssl.RAND_bytes() >>>> if you require a cryptographically secure pseudorandom number >>>> generator. >>> >>> Looks good to me. Regarding style, you should probably make a link, >>> like :func:`ssl.RAND_bytes()`. >> >> Does "are not cryptographic" have any meaning? (I'm not an expert, just >> not sure). Should it not be "cryptographically secure", to match the next >> sentence? > > Or just remove ", they are not cryptographic" altogether?
Good call. That's a better change. Eric. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
