[Python-ideas] About adding a new iteratormethodcalled "shuffled"

Adam Olsen rhamph at gmail.com
Sun Mar 29 20:04:53 CEST 2009


On Sat, Mar 28, 2009 at 9:40 AM, Aahz <aahz at pythoncraft.com> wrote:
> On Fri, Mar 27, 2009, Adam Olsen wrote:
>>
>> The irony is that we only seed with 128 bits, so rather than 2**19937
>> combinations, there's just 2**128.  That drops our "safe" list size
>> down to 34.  Weee!
>
> That's probably worth a bug report or RFE if one doesn't already exist.

It seems sufficient to me.  We don't want to needlessly drain the
system's entropy pool.

How about a counter proposal?  We add an orange or red box in the
random docs that explain a few things together:

* What a cryptographically secure RNG is, that ours isn't it, and that
ours is unacceptable any time money or security is involved.
* Specifically, 624 "iterates" allows you to predict the full state,
and thus all future (and past?) output
* The limitations of our default seed, and how it isn't a practical
problem, overshadowed by the above two things
* The limitations on shuffling a large list, how equidistance means
it's not a practical problem, and is overshadowed by all of the above

Some of that already exists, but is inline.  IMO, security issues
deserve a few flashing lights.  The context of other problems also
gives the proper light to shuffling's limitations.


-- 
Adam Olsen, aka Rhamphoryncus



More information about the Python-ideas mailing list