Hi,<br><br>I'm not a core Python developer, but it may be intesting to use a real Crush resistant RNG, as one from Random123 (a parallel random generator that is Crush resistant, contrary to the Mersenne Twister, and without a state).<br>
<br>Cheers,<br><br>Matthieu Brucher<br><br><div class="gmail_quote">2012/1/3 Christian Heimes <span dir="ltr"><<a href="mailto:lists@cheimes.de">lists@cheimes.de</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
all proposed fixes for a randomized hashing function raise and fall with<br>
a good random number generator to feed the random seed. The seed must be<br>
created very early in the startup phase of the interpreter, preferable<br>
before the basic types are initialized. CPython already have multiple<br>
sources for random data (win32_urandom in Modules/posixmodule.c, urandom<br>
in Lib/os.py, Mersenne twister in Modules/_randommodule.c). However we<br>
can't use them because they are wrapped inside Python modules which<br>
require infrastructure like initialized base types.<br>
<br>
I propose an addition to the current Python C API:<br>
<br>
int PyOS_URandom(char *buf, Py_ssize_t len)<br>
<br>
Read "len" chars from the OS's RNG into the pre-allocated buffer "buf".<br>
The RNG should be suitable for cryptography. In case of an error the<br>
function returns -1 and sets an exception, otherwise it returns 0.<br>
On Windows I can re-use most of the code of win32_urandom(). For POSIX I<br>
have to implement os.urandom() in C in order to read data from<br>
/dev/urandom. That's simple and straight forward.<br>
<br>
<br>
Since some platforms may not have /dev/urandom, we need a PRNG in the<br>
core, too. I therefore propose to move the Mersenne twister from<br>
randommodule.c into the core, too.<br>
<br>
typedef struct {<br>
unsigned long state[N];<br>
int index;<br>
} _Py_MT_RandomState;<br>
<br>
unsigned long _Py_MT_GenRand_Int32(_Py_MT_RandomState *state); //<br>
genrand_int32()<br>
double _Py_MT_GenRand_Res53(_Py_MT_RandomState *state); // random_random()<br>
void _Py_MT_GenRand_Init(_Py_MT_RandomState *state, unsigned long seed);<br>
// init_genrand()<br>
void _Py_MT_GenRand_InitArray(_Py_MT_RandomState *state, unsigned long<br>
init_key[], unsigned long key_length); // init_by_array<br>
<br>
<br>
I suggest Python/random.c as source file and Python/pyrandom.h as header<br>
file. Comments?<br>
<br>
Christian<br>
_______________________________________________<br>
Python-Dev mailing list<br>
<a href="mailto:Python-Dev@python.org">Python-Dev@python.org</a><br>
<a href="http://mail.python.org/mailman/listinfo/python-dev" target="_blank">http://mail.python.org/mailman/listinfo/python-dev</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':98,'weight':33},'flags':{'it':1},'single':false,'ttl':7200,'expireTime':'20120103201944'}, self.className)},600);" class="wrc11" style="padding-right:16px;width:16px;height:16px"></span><br>
Unsubscribe: <a href="http://mail.python.org/mailman/options/python-dev/matthieu.brucher%40gmail.com" target="_blank">http://mail.python.org/mailman/options/python-dev/matthieu.brucher%40gmail.com</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':98,'weight':33},'flags':{'it':1},'single':false,'ttl':7200,'expireTime':'20120103201944'}, self.className)},600);" class="wrc11" style="padding-right:16px;width:16px;height:16px"></span><br>
</blockquote></div><br><br clear="all"><br>-- <br>Information System Engineer, Ph.D.<br>Blog: <a href="http://matt.eifelle.com" target="_blank">http://matt.eifelle.com</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{},'flags':{},'single':true,'ttl':7200,'expireTime':'20120103122129'}, self.className)},600);" class="wrc0" style="padding-right:16px;width:16px;height:16px"></span><br>
LinkedIn: <a href="http://www.linkedin.com/in/matthieubrucher" target="_blank">http://www.linkedin.com/in/matthieubrucher</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':92,'weight':100},'flags':{},'single':false,'ttl':7200,'expireTime':'20120103112142'}, self.className)},600);" class="wrc13" style="padding-right:16px;width:16px;height:16px"></span><br>