[Python-Dev] RNG in the core
ncoghlan at gmail.com
Wed Jan 4 02:42:20 CET 2012
On Wed, Jan 4, 2012 at 8:21 AM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>> Have you read the following sentence:
>> “Since some platforms may not have /dev/urandom, we need a PRNG in the
>> core, too. I therefore propose to move the Mersenne twister from
>> randommodule.c into the core, too.”
> I disagree. We don't need a PRNG on platforms without /dev/urandom or
> any other native RNG.
> Initializing the string-hash seed to 0 is perfectly fine on those
> platforms; we can do slightly better by using, say, the current
> time (in ms or µs if available) and the current pid (if available).
> People concerned with the security on those systems either need to
> switch to a different system, or provide a patch to access the
> platform's native random number generator.
+1 (especially given how far back this is going to be ported)
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-Dev