[Python-ideas] Should our default random number generator be secure?

Steven D'Aprano steve at pearwood.info
Wed Sep 9 21:07:57 CEST 2015


On Wed, Sep 09, 2015 at 02:55:01PM -0400, random832 at fastmail.us wrote:
> On Wed, Sep 9, 2015, at 14:31, Tim Peters wrote:
> > Also over & over again.  If you volunteer to own responsibility for
> > updating all versions of Python each time it changes (in a crypto
> > context, an advance in the state of the art implies the prior state
> > becomes "a bug"), and post a performance bond sufficient to pay
> > someone else to do it if you vanish, then a major pragmatic objection
> > would go away ;-)
> 
> I don't see how "Changing Python's RNG implementation today to
> arc4random as it exists now" necessarily implies "Making a commitment to
> guarantee the cryptographic suitability of Python's RNG for all time".
> Those are two separate things.

Not really. Look at the subject line. It doesn't say "should we change 
from MT to arc4random?", it asks if the default random number generator 
should be secure. The only reason we are considering the change from MT 
to arc4random is to make the PRNG cryptographically secure. "Secure" is 
a moving target, what is secure today will not be secure tomorrow.

Yes, in principle, we could make the change once, then never again. But 
why bother? We don't gain anything from changing to arc4random if there 
is no promise to be secure into the future.

Question, aimed at anyone, not necessarily random832 -- one desirable 
property of PRNGs is that you can repeat a sequence of values if you 
re-seed with a known value. Does arc4random keep that property? I think 
that it is important that the default RNG be deterministic when given a 
known seed. (I'm happy for the default seed to be unpredictable.)


-- 
Steve


More information about the Python-ideas mailing list