On 20 October 2015 at 11:33, Victor Stinner <victor.stinner at gmail.com> wrote: > 2015-10-20 11:11 GMT+02:00 Nick Coghlan <ncoghlan at gmail.com>: >> Folks wanting to simulate die rolls should be using the random module >> rather than the secrets module anyway, > > Hum, why? Dices are used in Casino where security matters because it > costs money. True, I was thinking of just-for-fun games, but in gambling games unbiased randomness can be significantly more important. > A bad API can be more likely misused and introduce security > vulnerability. The C rand() API is a good example: 1+rand()%6 is not > uniform... "1 + secrets.randbelow(6)" would be uniform, though. As Tim pointed out, the *lack* of flexibility in randbelow() is a feature here, since it focuses on producing a uniformly random distribution of a given size, which can then be transformed deterministically. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4