From d8028403730c7d6235c732b8a0ee333482ab9139 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 7 Feb 2026 13:32:48 +0100 Subject: [PATCH 1/4] gh-143700: document `secrets.DEFAULT_ENTROPY` as an opaque value --- Doc/library/secrets.rst | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/Doc/library/secrets.rst b/Doc/library/secrets.rst index e828a3fba22276..3ad940ed28e70d 100644 --- a/Doc/library/secrets.rst +++ b/Doc/library/secrets.rst @@ -62,39 +62,44 @@ The :mod:`!secrets` module provides functions for generating secure tokens, suitable for applications such as password resets, hard-to-guess URLs, and similar. -.. function:: token_bytes([nbytes=None]) +.. function:: token_bytes(nbytes=None) Return a random byte string containing *nbytes* number of bytes. - If *nbytes* is ``None`` or not supplied, a reasonable default is - used. + + If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + is used instead. .. doctest:: - >>> token_bytes(16) #doctest:+SKIP + >>> token_bytes(16) # doctest: +SKIP b'\xebr\x17D*t\xae\xd4\xe3S\xb6\xe2\xebP1\x8b' -.. function:: token_hex([nbytes=None]) +.. function:: token_hex(nbytes=None) Return a random text string, in hexadecimal. The string has *nbytes* - random bytes, each byte converted to two hex digits. If *nbytes* is - ``None`` or not supplied, a reasonable default is used. + random bytes, each byte converted to two hex digits. + + If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + is used instead. .. doctest:: - >>> token_hex(16) #doctest:+SKIP + >>> token_hex(16) # doctest: +SKIP 'f9bf78b9a18ce6d46a0cd2b0b86df9da' -.. function:: token_urlsafe([nbytes=None]) +.. function:: token_urlsafe(nbytes=None) Return a random URL-safe text string, containing *nbytes* random bytes. The text is Base64 encoded, so on average each byte results - in approximately 1.3 characters. If *nbytes* is ``None`` or not - supplied, a reasonable default is used. + in approximately 1.3 characters. + + If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + is used instead. .. doctest:: - >>> token_urlsafe(16) #doctest:+SKIP + >>> token_urlsafe(16) # doctest: +SKIP 'Drmhze6EPcv0fN_81Bj-nA' @@ -115,11 +120,13 @@ argument to the various ``token_*`` functions. That argument is taken as the number of bytes of randomness to use. Otherwise, if no argument is provided, or if the argument is ``None``, -the ``token_*`` functions will use a reasonable default instead. +the ``token_*`` functions uses :const:`DEFAULT_ENTROPY` instead. -.. note:: +.. data:: DEFAULT_ENTROPY + + Default number of bytes of randomness used by the ``token_*`` functions. - That default is subject to change at any time, including during + The exact value is subject to change at any time, including during maintenance releases. From 5b5c09e76b54798f96cdecdf8eaeaae1546cbc5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 7 Feb 2026 23:05:18 +0100 Subject: [PATCH 2/4] Update Doc/library/secrets.rst Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> --- Doc/library/secrets.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/library/secrets.rst b/Doc/library/secrets.rst index 3ad940ed28e70d..e57820dbb0730f 100644 --- a/Doc/library/secrets.rst +++ b/Doc/library/secrets.rst @@ -66,7 +66,7 @@ hard-to-guess URLs, and similar. Return a random byte string containing *nbytes* number of bytes. - If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + If *nbytes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` is used instead. .. doctest:: From fe4b381afea418ce370bddb064950134cfb9b20d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 7 Feb 2026 23:06:09 +0100 Subject: [PATCH 3/4] Update Doc/library/secrets.rst --- Doc/library/secrets.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/library/secrets.rst b/Doc/library/secrets.rst index e57820dbb0730f..919c00da971129 100644 --- a/Doc/library/secrets.rst +++ b/Doc/library/secrets.rst @@ -80,7 +80,7 @@ hard-to-guess URLs, and similar. Return a random text string, in hexadecimal. The string has *nbytes* random bytes, each byte converted to two hex digits. - If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + If *nbytes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` is used instead. .. doctest:: From c719e68d7cffdcfe01925603694fc9414b3c0e2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?= <10796600+picnixz@users.noreply.github.com> Date: Sat, 7 Feb 2026 23:06:14 +0100 Subject: [PATCH 4/4] Update Doc/library/secrets.rst --- Doc/library/secrets.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/library/secrets.rst b/Doc/library/secrets.rst index 919c00da971129..997d1f32cccd75 100644 --- a/Doc/library/secrets.rst +++ b/Doc/library/secrets.rst @@ -94,7 +94,7 @@ hard-to-guess URLs, and similar. bytes. The text is Base64 encoded, so on average each byte results in approximately 1.3 characters. - If *nybtes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` + If *nbytes* is not specified or ``None``, :const:`DEFAULT_ENTROPY` is used instead. .. doctest::