PEP 466: tweak wording of os.urandom() rationale
This commit is contained in:
parent
ceadb0f33c
commit
a87ecb2a8e
12
pep-0466.txt
12
pep-0466.txt
|
@ -356,11 +356,13 @@ The ``hmac.compare_digest()`` and ``hashlib.pbkdf2_hmac()`` are included to
|
|||
help lower the barriers to secure password storage and checking in Python 2
|
||||
server applications.
|
||||
|
||||
The os.urandom change has been included in this proposal to help encourage
|
||||
users to leave the task of providing high quality random numbers for
|
||||
cryptographic use case to operating system vendors (as this is a genuinely
|
||||
hard problem, and operating system developers have more tools available to
|
||||
deal with it than Python application runtimes)
|
||||
The ``os.urandom()`` change has been included in this proposal to further
|
||||
encourage users to leave the task of providing high quality random numbers
|
||||
for cryptographic use cases to operating system vendors. The use of
|
||||
insufficiently random numbers has the potential to compromise *any*
|
||||
cryptographic system, and operating system developers have more tools
|
||||
available to address that problem adequately than the typical Python
|
||||
application runtime.
|
||||
|
||||
|
||||
Rejected alternative: just advise developers to migrate to Python 3
|
||||
|
|
Loading…
Reference in New Issue