[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Thu Sep 10 06:58:33 CEST 2015


[Steven D'Aprano]
>> one desirable property of PRNGs is that you can repeat a sequence of
>> values if you re-seed with a known value. Does arc4random keep that
>> property?

[Greg Ewing]
> Another property that's important for some applications is
> to be able to efficiently "jump ahead" some number of steps
> in the sequence, to produce multiple independent streams of
> numbers. It would be good to know if that is possible with
> arc4random.

No for "arc4random" based on RC4, yes for "arc4random" based on
ChaCha20, "mostly yes" for "arc4random" in the OpenBSD implementation,
wholly unknown for whatever functions may be _called_
"arc4random" in the future.

The fly in the ointment for the OpenBSD version is that it
periodically fiddles its internal state with "entropy" obtained from
the kernel.  It's completely unreproducible for that reason.  However,
you can still jump ahead in the state.  It's just impossible to say
that it's the same state you would have arrived at had you invoked the
function that many times instead (the kernel could change the state in
unpredictable ways any number of times while you were doing that).
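Tim's RC4-versus-ChaCha20 distinction comes down to whether the generator is counter-based. The following is an added example, not code from this thread or from any arc4random implementation: a pure-Python ChaCha20 block function (RFC 7539 state layout) wrapped in a small generator whose jump-ahead is plain counter arithmetic, plus a toy `stir` method that models the OpenBSD-style rekeying and shows why a jumped-to state no longer matches the stepped one. The class name, the `stir` method and the demo key/nonce are assumptions made for illustration.

```python
import struct
MASK = 0xFFFFFFFF

def _qr(s, a, b, c, d):
    """ChaCha quarter round on state words a, b, c, d (RFC 7539 layout)."""
    s[a] = (s[a] + s[b]) & MASK; s[d] ^= s[a]; s[d] = ((s[d] << 16) | (s[d] >> 16)) & MASK
    s[c] = (s[c] + s[d]) & MASK; s[b] ^= s[c]; s[b] = ((s[b] << 12) | (s[b] >> 20)) & MASK
    s[a] = (s[a] + s[b]) & MASK; s[d] ^= s[a]; s[d] = ((s[d] << 8) | (s[d] >> 24)) & MASK
    s[c] = (s[c] + s[d]) & MASK; s[b] ^= s[c]; s[b] = ((s[b] << 7) | (s[b] >> 25)) & MASK

def chacha20_block(key, nonce, counter):
    """64-byte keystream block; the block counter is the only per-block input."""
    state = [0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
             *struct.unpack("<8I", key), counter & MASK, *struct.unpack("<3I", nonce)]
    w = state[:]
    for _ in range(10):  # 20 rounds: alternating column and diagonal quarter rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(w, state)))

class ChaChaRNG:
    """Counter-mode generator (illustrative): the output position *is* the block counter."""
    def __init__(self, key, nonce):
        self.key, self.nonce, self.counter = key, nonce, 0
    def next_block(self):
        self.counter += 1
        return chacha20_block(self.key, self.nonce, self.counter - 1)
    def jump_ahead(self, n):
        self.counter += n  # O(1); skipped blocks are never computed (RC4 has no such shortcut)
    def stir(self, entropy):  # toy model of the OpenBSD-style rekey: fold entropy into the key
        self.key = bytes(a ^ b for a, b in zip(self.key, entropy.ljust(32, b"\0")))

DEMO_KEY, DEMO_NONCE = bytes(range(32)), bytes(12)  # constructed demo values, not secrets
def jump_matches_sequential(n, key=DEMO_KEY, nonce=DEMO_NONCE):
    """Jumping n blocks ahead yields the same block as stepping n times."""
    stepped, jumped = ChaChaRNG(key, nonce), ChaChaRNG(key, nonce)
    for _ in range(n):
        stepped.next_block()
    jumped.jump_ahead(n)
    return stepped.next_block() == jumped.next_block()

def jump_matches_after_stir(n, key=DEMO_KEY, nonce=DEMO_NONCE):
    """Same check, but the stepped generator was re-keyed halfway: the two paths diverge."""
    stepped, jumped = ChaChaRNG(key, nonce), ChaChaRNG(key, nonce)
    for i in range(n):
        if i == n // 2:
            stepped.stir(b"\x01" * 32)  # constructed "entropy"; OpenBSD takes it from the kernel
        stepped.next_block()
    jumped.jump_ahead(n)
    return stepped.next_block() == jumped.next_block()
```

The second check is the OpenBSD caveat in code: the jump itself still works, but nothing ties the jumped-to counter to the state the stepped generator actually reached once the kernel has mixed in fresh entropy.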

