Nathaniel Smith <n...@pobox.com> wrote: > (This is based on the assumption that the only time that explicitly > calling os.urandom is the best option is when one cares about the > cryptographic strength of the result -- I'm explicitly distinguishing > here between the hash seeding issue that triggered the original bug > report and explicit calls to os.urandom.)
I disagree with that assumption. I've often found myself to use os.urandom for non-secure random data and seen it as the best option simply because it directly returns the type I wanted: bytes. The last time I looked the random module didn't have a function to directly give me bytes, so I would have to wrap it in something like: bytearray(random.getrandbits(8) for _ in range(size)) Or maybe the function exists, but then it doesn't seem very discoverable. Ideally I would only want to use the random module for non-secure and (in 3.6) the secrets module (which could block) for secure random data and never bother with os.urandom (and knowing how it behaves). But then those modules should probably get new functions to directly return bytes. Sebastian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
