[Python-ideas] Should our default random number generator be secure?
Steven D'Aprano
steve at pearwood.info
Thu Sep 10 04:11:08 CEST 2015
On Wed, Sep 09, 2015 at 08:55:06PM -0500, Tim Peters wrote:
> [Alexander Walters <tritium-list at sdamon.com>]
> > In a word - No.
> >
> > There is zero reason for people doing crypto to use the random module,
> > therefor we should not change the random module to be cryptographically
> > secure.
> >
> > Don't break things and slow my code down by default for dubious reasons,
> > please.
>
> Would your answer change if a crypto generator were _faster_ than MT?
> MT isn't speedy by modern standards, and is cache-hostile (about 2500
> bytes of mutable state).
>
> Not claiming a crypto hash _would_ be faster. But it is possible.
If the crypto PRNG were comparable in speed to what we have now (not
significantly slower), or faster, *and* gave reproducible results with
the same seed, *and* had no known/detectable statistical biases), and we
could promise that those properties would continue to hold even when the
state of the art changed and we got a new default crypto PRNG, then I'd
still be -0.5 on the change due to the "false sense of security" factor.
As I've already mentioned in another comment, I'm with Paul Moore -- I
think anyone foolish/ignorant/lazy/malicious enough to use the default
PRNG for crypto is surely making more than one mistake, and fixing that
one thing for them will just give people a false sense of security.
--
Steve
More information about the Python-ideas
mailing list