[Python-ideas] Python's Source of Randomness and the random.py module Redux
random832 at fastmail.com
Thu Sep 10 05:59:22 CEST 2015
Steven D'Aprano <steve at pearwood.info> writes:
> On Wed, Sep 09, 2015 at 08:01:16PM -0400, Donald Stufft wrote:
> You're worried about attacks on the random number generator that
> produces the characters in the password? I think I'm going to have to
> see an attack before I believe that this is meaningful.
Isn't the only difference between generating a password and generating a
key the length (and base) of the string? Where is the line?
> That is an astonishing claim, and I'd want to see evidence for it before
> accepting it.
I assume it's comparing a CSPRNG all of whose state is in cache (or
registers, if a large block of random bytes is requested from the CSPRNG
in one go, with memcpy of data which must be retrieved from main
More information about the Python-ideas