[Python-ideas] About adding a new iteratormethodcalled "shuffled"
rhamph at gmail.com
Sun Mar 29 20:04:53 CEST 2009
On Sat, Mar 28, 2009 at 9:40 AM, Aahz <aahz at pythoncraft.com> wrote:
> On Fri, Mar 27, 2009, Adam Olsen wrote:
>> The irony is that we only seed with 128 bits, so rather than 2**19937
>> combinations, there's just 2**128. That drops our "safe" list size
>> down to 34. Weee!
> That's probably worth a bug report or RFE if one doesn't already exist.
It seems sufficient to me. We don't want to needlessly drain the
system's entropy pool.
How about a counter proposal? We add an orange or red box in the
random docs that explain a few things together:
* What a cryptographically secure RNG is, that ours isn't it, and that
ours is unacceptable any time money or security is involved.
* Specifically, 624 "iterates" allows you to predict the full state,
and thus all future (and past?) output
* The limitations of our default seed, and how it isn't a practical
problem, overshadowed by the above two things
* The limitations on shuffling a large list, how equidistance means
it's not a practical problem, and is overshadowed by all of the above
Some of that already exists, but is inline. IMO, security issues
deserve a few flashing lights. The context of other problems also
gives the proper light to shuffling's limitations.
Adam Olsen, aka Rhamphoryncus
More information about the Python-ideas