[Python-Dev] RNG in the core

Victor Stinner victor.stinner at gmail.com
Tue Jan 3 22:17:06 CET 2012

A randomized hash doesn't need cryptographic RNG (which are slow and
need a lot of new code), and the new hash function should maybe not be
cryptographic. We need to make the DoS more expensive for the
attacker, but we don't need to add "too much security" for that.

Mersenne Twister is useless here: it is only needed when you need to
generate a fast RNG to generate megabytes of random data, whereas we
will not need more than 4 KB. The OS RNG is just fine (fast enough and
not blocking).

So we can use Windows CryptoGen API (which is already implemented in
Python, win32_urandom) and /dev/urandom on UNIX/BSD. /dev/urandom does
never block. We need also a fallback if /dev/urandom is not available.
Because this case should not occur on modern OS, the fallback can be a
weak function like something combining getpid(), gettimeofday(),
address of the stack, etc. To generate 4 KB from few words, we can use
a very simple LCG (x(n+1) = (x(n) * a + c) mod k).

More information about the Python-Dev mailing list