[Python-ideas] Python's Source of Randomness and the random.py module Redux

Random832 random832 at fastmail.com
Thu Sep 10 05:59:22 CEST 2015

Steven D'Aprano <steve at pearwood.info> writes:

> On Wed, Sep 09, 2015 at 08:01:16PM -0400, Donald Stufft wrote:
> [...]
> You're worried about attacks on the random number generator that 
> produces the characters in the password? I think I'm going to have to 
> see an attack before I believe that this is meaningful.

Isn't the only difference between generating a password and generating a
key the length (and base) of the string? Where is the line?

> That is an astonishing claim, and I'd want to see evidence for it before 
> accepting it.

I assume it's comparing a CSPRNG all of whose state is in cache (or
registers, if a large block of random bytes is requested from the CSPRNG
in one go, with memcpy of data which must be retrieved from main

More information about the Python-ideas mailing list