On 20 October 2015 at 11:33, Victor Stinner <[email protected]> wrote: > 2015年10月20日 11:11 GMT+02:00 Nick Coghlan <[email protected]>: >> Folks wanting to simulate die rolls should be using the random module >> rather than the secrets module anyway, > > Hum, why? Dices are used in Casino where security matters because it > costs money.
True, I was thinking of just-for-fun games, but in gambling games unbiased randomness can be significantly more important. > A bad API can be more likely misused and introduce security > vulnerability. The C rand() API is a good example: 1+rand()%6 is not > uniform... "1 + secrets.randbelow(6)" would be uniform, though. As Tim pointed out, the *lack* of flexibility in randbelow() is a feature here, since it focuses on producing a uniformly random distribution of a given size, which can then be transformed deterministically. Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia _______________________________________________ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com