[Python-ideas] Should our default random number generator be secure?
robert.kern at gmail.com
Thu Sep 10 19:41:39 CEST 2015
On 2015-09-10 04:56, Nathaniel Smith wrote:
> On Wed, Sep 9, 2015 at 8:35 PM, Tim Peters <tim.peters at gmail.com> wrote:
>> There are some clean and easy approaches to this based on
>> crypto-inspired schemes, but giving up crypto strength for speed. If
>> you haven't read it, this paper is delightful:
> It really is! As AES acceleration instructions become more common
> (they're now standard IIUC on x86, x86-64, and even recent ARM?), even
> just using AES in CTR mode becomes pretty compelling -- it's fast,
> deterministic, provably equidistributed, *and* cryptographically
> secure enough for many purposes.
I'll also recommend the PCG paper (and algorithm) as the author's cross-PRNG
comparisons have been bandied about in this thread already. The paper lays out a
lot of the relevant issues and balances the various qualities that are
important: statistical quality, speed, and security (of various flavors).
I'm actually not that impressed with Random123. The core idea is nice and clean,
but the implementation is hideously complex.
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
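The thread's question is whether Python's default generator should be cryptographically strong. The example below (added here; it is not code from any of the posters) shows concretely why the current default, MT19937, is not: its tempering step is invertible, so 624 consecutive 32-bit outputs reveal the full internal state and every future output. It uses only the standard library; the seed and the number of predicted values are arbitrary.

```python
"""Recover the internal state of Python's Mersenne Twister (MT19937) from
624 consecutive getrandbits(32) outputs and predict what comes next.

Added example for the Python-ideas thread; standard library only.
"""
import random

MASK32 = 0xFFFFFFFF
N = 624  # MT19937 state words; also the block length it regenerates


def temper(y: int) -> int:
    """The MT19937 output tempering applied to each raw state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_xor(y: int, shift: int) -> int:
    # y_out = y ^ (y >> shift): the top `shift` bits are already correct and
    # each iteration fixes the next `shift` bits below them.
    x = y
    for _ in range((32 + shift - 1) // shift):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_xor(y: int, shift: int, mask: int) -> int:
    # y_out = y ^ ((y << shift) & mask): the low `shift` bits are already
    # correct and each iteration fixes the next `shift` bits above them.
    x = y
    for _ in range((32 + shift - 1) // shift):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Invert temper(): recover the raw state word from one output."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor(y, 15, 0xEFC60000)
    y = _undo_left_xor(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt(outputs) -> random.Random:
    """Build a random.Random that continues exactly where the generator
    that produced `outputs` (624 consecutive getrandbits(32) values) left off."""
    if len(outputs) != N:
        raise ValueError("need exactly %d consecutive 32-bit outputs" % N)
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # State tuple format: (version 3, 624 words + index, gauss_next).
    # Index N means "regenerate on next call", matching the victim's position.
    clone.setstate((3, state + (N,), None))
    return clone


def predict(observed, count: int = 10):
    """Predict the next `count` getrandbits(32) outputs after `observed`."""
    clone = clone_mt(observed)
    return [clone.getrandbits(32) for _ in range(count)]


def demo(seed: int = 2015, count: int = 10) -> bool:
    """Return True if the attacker's predictions match the victim's real output."""
    victim = random.Random(seed)              # victim's seed is unknown to us
    observed = [victim.getrandbits(32) for _ in range(N)]  # what leaked
    predicted = predict(observed, count)
    actual = [victim.getrandbits(32) for _ in range(count)]
    return predicted == actual


if __name__ == "__main__":
    print("prediction matched:", demo())
```

The same recovery works against any caller that exposes raw 32-bit words (random.random() leaks two per call, shifted). An AES-CTR or other keyed generator of the kind discussed above has no such property: without the key, the outputs are indistinguishable from random, which is what the `secrets` module (SystemRandom) provides today.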