[Python-ideas] Should our default random number generator be secure?
Steven D'Aprano
steve at pearwood.info
Wed Sep 9 21:07:57 CEST 2015
On Wed, Sep 09, 2015 at 02:55:01PM -0400, random832 at fastmail.us wrote:
> On Wed, Sep 9, 2015, at 14:31, Tim Peters wrote:
> > Also over & over again. If you volunteer to own responsibility for
> > updating all versions of Python each time it changes (in a crypto
> > context, an advance in the state of the art implies the prior state
> > becomes "a bug"), and post a performance bond sufficient to pay
> > someone else to do it if you vanish, then a major pragmatic objection
> > would go away ;-)
>
> I don't see how "Changing Python's RNG implementation today to
> arc4random as it exists now" necessarily implies "Making a commitment to
> guarantee the cryptographic suitability of Python's RNG for all time".
> Those are two separate things.
Not really. Look at the subject line. It doesn't say "should we change
from MT to arc4random?", it asks if the default random number generator
should be secure. The only reason we are considering the change from MT
to arc4random is to make the PRNG cryptographically secure. "Secure" is
a moving target, what is secure today will not be secure tomorrow.
Yes, in principle, we could make the change once, then never again. But
why bother? We don't gain anything from changing to arc4random if there
is no promise to be secure into the future.
Question, aimed at anyone, not necessarily random832 -- one desirable
property of PRNGs is that you can repeat a sequence of values if you
re-seed with a known value. Does arc4random keep that property? I think
that it is important that the default RNG be deterministic when given a
known seed. (I'm happy for the default seed to be unpredictable.)
--
Steve
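The replay property asked about above, demonstrated in Python as an added example (this code is not from the thread and does not model arc4random itself): Python's default Mersenne Twister replays exactly for a known seed, `random.SystemRandom` ignores its seed because it draws from the OS CSPRNG, and a toy keyed generator (`HmacCounterRng`, an illustrative HMAC-SHA256 counter construction assumed here, not a vetted DRBG) shows that a generator can be keyed by a secret and still be deterministic for a known seed, with an unpredictable seed supplied only when the caller gives none.

```python
"""Added example: does a generator replay the same sequence when re-seeded
with a known value?  Three generators are compared:

  * random.Random       - Python's default Mersenne Twister: replays for a seed.
  * random.SystemRandom - reads os.urandom(); seed() is a documented no-op,
                          so no replay is possible.
  * HmacCounterRng      - a toy keyed generator (HMAC-SHA256 in counter mode),
                          an assumption for illustration only.  It is NOT
                          arc4random and NOT a vetted DRBG.
"""
import hashlib
import hmac
import random
import secrets


def mt_sequence(seed: int, n: int = 5) -> list[int]:
    """Mersenne Twister draws for a known seed; identical seeds replay exactly."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def sysrandom_sequence(seed: int, n: int = 5) -> list[int]:
    """SystemRandom ignores the seed argument and pulls from the OS CSPRNG,
    so two 'identically seeded' instances diverge."""
    rng = random.SystemRandom(seed)
    return [rng.getrandbits(32) for _ in range(n)]


class HmacCounterRng:
    """Toy deterministic generator keyed by a seed (illustrative assumption)."""

    def __init__(self, seed: bytes) -> None:
        self._key = hashlib.sha256(seed).digest()   # fixed-size key from the seed
        self._counter = 0                           # block counter, starts at 0

    def getrandbits(self, k: int) -> int:
        """Return k pseudo-random bits: HMAC(key, counter) blocks, truncated."""
        out = b""
        while len(out) * 8 < k:
            block = self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
            self._counter += 1
        return int.from_bytes(out, "big") >> (len(out) * 8 - k)


def keyed_sequence(seed: bytes, n: int = 5) -> list[int]:
    """Same seed -> same key -> same counter stream -> same outputs."""
    rng = HmacCounterRng(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def fresh_seed(nbytes: int = 32) -> bytes:
    """An unpredictable default seed for when the caller supplies none."""
    return secrets.token_bytes(nbytes)


def replays(seq_fn, seed) -> bool:
    """True if seeding twice with the same value yields the same sequence."""
    return seq_fn(seed) == seq_fn(seed)


if __name__ == "__main__":
    print("MT replays:          ", replays(mt_sequence, 42))          # True
    print("SystemRandom replays:", replays(sysrandom_sequence, 42))   # False
    print("keyed RNG replays:   ", replays(keyed_sequence, b"seed"))  # True
    print("fresh seeds differ:  ", fresh_seed() != fresh_seed())      # True
```

The point for the thread's question is the third generator: determinism for a known seed is a property of the construction, not something a secure design has to give up, while the seed that is actually used by default can still come from an unpredictable source.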