[Python-ideas] Should our default random number generator be secure?
Guido van Rossum
guido at python.org
Wed Sep 9 19:43:56 CEST 2015
---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:42 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido at python.org
been speaking to a significant go person.
it takes data out of that buffer, and does not zero it behind itself.
obviously for performance reasons.
same type of thing happens with MT-style engines. in practice, they
can be would backwards. a proper stream cipher cannot be turned
however, that's just an academic observation. or maybe it indicates
that well-financed groups can get it wrong too.
by the way, chacha arc4random can create random values faster than a
memcpy -- the computation of fresh output is faster than doing
gross-cost of "read" from memory (when cache dirtying is accounted for).
--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-ideas