Movatterモバイル変換

[Python-ideas] Pre-PEP Adding A Secrets Module To The StandardLibrary

• Previous message (by thread):[Python-ideas] Pre-PEP Adding A Secrets Module To The StandardLibrary
• Next message (by thread):[Python-ideas] Pre-PEP Adding A Secrets Module To The StandardLibrary
• Messages sorted by:[ date ][ thread ][ subject ][ author ]

On 23 September 2015 at 03:41, Tim Peters <tim.peters at gmail.com> wrote:> [Steven D'Aprano <steve at pearwood.info>]>> I too feel a quiet unease about password(), although I don't have>> anything concrete to pin it on. I'm happy to be guided by people with>> more experience in this realm.>>>> What if we called it simple_password() and made it clear that it wasn't>> intended as an all-singing, all-dancing password generator?>> Just drop it.  Nobody I recall has said anything in favor of it ;-)I think I may have been the one to suggest it originally, since one ofthe things we're trying to address is the plethora of bad advice foundwhen Googling for "python password generator", but I'm OK withdropping it from the initial version of the module, just on thegeneral principle that adding things later is relatively easy, whiletaking them away is hard.> It would be easy to give it as an example in the docs instead,> building directly on choice().  That would steer people who need> fancier stuff in the right direction.Yeah, addressing the default password generation problem should workjust as well as a recipe in the secrets module documentation - I seethe core goal here as being to help guide folks towards using theright random number generator for security sensitive tasks, and "usethe RNG in the secrets module for random secrets, and the RNG in therandom module for modelling and simulation" is a much easier story totell than explaining the technical differences between random.Randomand random.SystemRandom.Raymond Hettinger's philosophy with itertools is likely a good guidingprinciple here: provide a small set of useful primitives, andotherwise favour recipes in the documentation. If we end up with a"more-secrets" module on PyPI akin to "more-itertools", I think that'sfine (and also provides an easy way of backporting future secretsmodule additions to earlier Python versions)Regards,Nick.-- Nick Coghlan   |ncoghlan at gmail.com   |   Brisbane, Australia

• Previous message (by thread):[Python-ideas] Pre-PEP Adding A Secrets Module To The StandardLibrary
• Next message (by thread):[Python-ideas] Pre-PEP Adding A Secrets Module To The StandardLibrary
• Messages sorted by:[ date ][ thread ][ subject ][ author ]