[issue21470] Better seeding for the random module

[Tim Peters]

Tim Peters added the comment:

[pitrou]
> I still find it difficult to understand where is the said danger.

The theoretical properties that make the Twister so attractive were all proved based on mathematical analysis of its entire period.  The only way to get at the whole period is to allow for all possible seeds.

If the seeds Python can use are drawn from a relatively tiny subset of the possible seeds, nothing can be said about most of the "proved correct" properties anymore.  Maybe they still hold.  Maybe they don't.  In the absence of analysis (which, AFAIK, is still too difficult to do), the only way to be safe is to refrain from being so bloody "clever" in the interest of saving a few microseconds.

>  As you point out, a sequence of zeroes is a valid random
> sequence, and there is no reason to believe that a sequence
> of zeroes is more likely with a 256 bits seed, than with a
> 20 kbits seed (it might as well be less likely, for all we know).

That's the point:  we don't _know_ much of anything if we restrict to a subset of possible seeds.  But we DO know if all possible seeds are allowed for.  Then the Twister has many nice properties, and provably so.  Allowing for all possible seeds is judicious:  it's an acknowledgement of our ignorance, and a statement that we're more concerned with correctness than micro-efficiency in a (typically) zero- or one-time-per-process `random` initialization cost.

> We may as well bump it from 256 to 512 or 1024 bits,

That's as unprincipled as using 1 bit - although _likely_ to give better results ;-)

> but 20 kbits sounds extremely unusual for a program to read from
> /dev/urandom at startup.

At least on my box, starting Python does not import `random`, and the seeding code isn't called at all.  It's only called when `random` is imported.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21470>
_______________________________________