PEP 466: tweak wording of os.urandom() rationale

This commit is contained in:
Nick Coghlan 2014-05-12 20:55:52 +10:00
parent ceadb0f33c
commit a87ecb2a8e
1 changed files with 7 additions and 5 deletions

View File

@ -356,11 +356,13 @@ The ``hmac.compare_digest()`` and ``hashlib.pbkdf2_hmac()`` are included to
help lower the barriers to secure password storage and checking in Python 2
server applications.
The os.urandom change has been included in this proposal to help encourage
users to leave the task of providing high quality random numbers for
cryptographic use case to operating system vendors (as this is a genuinely
hard problem, and operating system developers have more tools available to
deal with it than Python application runtimes)
The ``os.urandom()`` change has been included in this proposal to further
encourage users to leave the task of providing high quality random numbers
for cryptographic use cases to operating system vendors. The use of
insufficiently random numbers has the potential to compromise *any*
cryptographic system, and operating system developers have more tools
available to address that problem adequately than the typical Python
application runtime.
Rejected alternative: just advise developers to migrate to Python 3