Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed1a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <jeanpierreda@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.002
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'heavily': 0.04; 'syntax': 0.04; 'string': 0.09; 'strings.': 0.09; 'subject:language': 0.09; 'subject:string': 0.09; 'wrapper': 0.09; 'cc:addr:python-list': 0.11; 'python': 0.11; 'anyway': 0.14; 'random': 0.14; 'template': 0.14; "wouldn't": 0.14; '(meaning': 0.16; 'comma,': 0.16; 'dismiss': 0.16; 'expressions,': 0.16; 'fallback': 0.16; 'insights': 0.16; 'outputs': 0.16; 'subject:generation': 0.16; 'subject:random': 0.16; 'vastly': 0.16; 'which,': 0.16; 'language': 0.16; 'wrote:': 0.18; 'library': 0.18; 'cheap': 0.19; 'pfxlen:0': 0.19; 'producing': 0.19; 'aug': 0.22; 'proposed': 0.22; 'cc:addr:python.org': 0.22; 'copied': 0.24; 'paul': 0.24; 'cc:2**0': 0.24; 'source': 0.25; 'equivalent': 0.26; 'suggested': 0.26; 'header:In-Reply-To:1': 0.27; 'specifically': 0.29; 'am,': 0.29; "doesn't": 0.30; 'matching': 0.30; 'message- id:@mail.gmail.com': 0.30; "i'm": 0.30; 'easier': 0.31; 'accidentally': 0.31; 'relies': 0.31; 'class': 0.32; 'regular': 0.32; 'text': 0.33; 'except': 0.35; 'something': 0.35; 'good.': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'apply,': 0.36; 'library.': 0.36; 'templates': 0.36; 'should': 0.36; 'example,': 0.37; 'two': 0.37; 'depends': 0.38; 'whatever': 0.38; 'does': 0.39; 'sure': 0.39; 'how': 0.40; 'even': 0.60; 'expression': 0.60; 'you.': 0.62; 'back': 0.62; "you've": 0.63; 'guarantee': 0.63; 'more': 0.64; 'different': 0.65; 'taking': 0.65; 'to:addr:gmail.com': 0.65; 'approaches': 0.68; 'sound': 0.68; 'secure': 0.71; 'flexible,': 0.84; 'insecure': 0.84; 'knee': 0.84; 'regexp': 0.84; 'serious': 0.97
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=hRl6EKH57wB+Rhsttn7L9BYr7dXpGwdqEm9zbSIgnR8=; b=lz9OjoncLm5DJx2B5m9dVcNsSOJ9db/cHaRbPr8IaFUFtSyi2sHNIEVjlYB+0ZKC40 G984MGj4ZOn35ygcQH4yJb1Q+RPgEhvwF9NYvkqVLiDqyTtQOGeuXksmyVgZFXp8aFUL 75XRO7XnxJ/nTlPdKxzvOyDmj6XzfW1K2jCbf5j82s18AUNPk55vdEpxEUI0UaJ7iDnv EjMHqsTD0p0+Zkq+xUy3+7aXR1IXJMQda57eQ0Gp31Zouz/bJBDuiX6FWWzh3aII68G7 XjafADjicPP12+8h2qSJHDZAo/FtEgxJ4c7SjnjcDDjwwp2T3jJTaDRBqeoA8WAB9Xdn DiVg==
X-Received: by 10.224.128.9 with SMTP id i9mr58221933qas.50.1407696562639; Sun, 10 Aug 2014 11:49:22 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <b8cf8463-ba05-4f2f-b572-60f73a7a9917@googlegroups.com>
References: <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> <mailman.12817.1407674628.18130.python-list@python.org> <b8cf8463-ba05-4f2f-b572-60f73a7a9917@googlegroups.com>
From: Devin Jeanpierre <jeanpierreda@gmail.com>
Date: Sun, 10 Aug 2014 11:48:42 -0700
Subject: Re: Template language for random string generation
To: Paul Wolf <paulwolf333@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "comp.lang.python" <python-list@python.org>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.12822.1407696570.18130.python-list@python.org>
Lines: 44
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1407696570 news.xs4all.nl 2921 [2001:888:2000:d::a6]:34943
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:75997

On Sun, Aug 10, 2014 at 9:34 AM, Paul Wolf <paulwolf333@gmail.com> wrote:
> * No one will want to write that expression

We've already established that one to be wrong. ;)

> * The regex expression doesn't work anyway

That's a cheap swipe. The regexp doesn't work because I used a colon
instead of a comma, because I accidentally copied you. :(

Speaking of which, is there a reason you've diverged from regex syntax
in x{8: 15} vs x{8,15}?


Don't mind my suggestion to use existing formats even when it's
inconvenient. It's a knee jerk reaction/question, not a serious
complaint.

> I should also clarify that when I say the strgen template language is the=
 converse of regular expressions, this is the case conceptually, not formal=
ly. Matching text strings is fundamentally different from producing randomi=
zed strings.

Mmmm, I wouldn't be so quick to dismiss any insights from regexps
here. It depends on your fundamentals. For example, automata-theoretic
approaches do apply, and can let you guarantee that equivalent
templates always generate the same outputs given the same inputs.
(Meaning that the only thing that matters is what the template
matches, not how it's spelled.)

> Whether using SystemRandom is cryptographically weak is not something I'm=
 taking up here. Someone already suggested allowing the class to accept a d=
ifferent random source provider. That's an excellent idea. I wanted to make=
 sure strgen does whatever they would do anyway hand-coding using the Pytho=
n Standard Library except vastly more flexible, easier to edit and shorter.=
 strgen is two things: a proposed standard way of expressing a string gener=
ation specification that relies heavily on randomness and a wrapper around =
the standard library. I specifically did not want to try to write better cr=
yptographic routines.

The fallback is what worries me. Falling back from a secure thing to
an insecure thing doesn't sound good.

-- Devin