[Python-ideas] Should our default random number generator be secure?

Robert Kern robert.kern at gmail.com
Thu Sep 10 19:41:39 CEST 2015

On 2015-09-10 04:56, Nathaniel Smith wrote:
> On Wed, Sep 9, 2015 at 8:35 PM, Tim Peters <tim.peters at gmail.com> wrote:
>> There are some clean and easy approaches to this based on
>> crypto-inspired schemes, but giving up crypto strength for speed.  If
>> you haven't read it, this paper is delightful:
>>      http://www.thesalmons.org/john/random123/papers/random123sc11.pdf
> It really is! As AES acceleration instructions become more common
> (they're now standard IIUC on x86, x86-64, and even recent ARM?), even
> just using AES in CTR mode becomes pretty compelling -- it's fast,
> deterministic, provably equidistributed, *and* cryptographically
> secure enough for many purposes.

I'll also recommend the PCG paper (and algorithm) as the author's cross-PRNG 
comparisons have been bandied about in this thread already. The paper lays out a 
lot of the relevant issues and balances the various qualities that are 
important: statistical quality, speed, and security (of various flavors).
I'm actually not that impressed with Random123. The core idea is nice and clean, 
but the implementation is hideously complex.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco
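The counter-mode construction Nathaniel describes above, as an added example that is not part of this thread: a `random.Random` subclass whose output block i is PRF(key, i), so the stream is seedable, deterministic, and reproducible via `getstate`/`setstate`, and the class name, the key-derivation prefix and the use of SHA-256 as the PRF are my own choices. SHA-256 stands in for AES only because the standard library ships no block cipher; with AES the same structure is AES-CTR. Subclassing `random.Random` by overriding `random()`, `seed()`, `getstate()`, `setstate()` and `getrandbits()` is the documented extension point, so everything else in the module (`randrange`, `shuffle`, `sample`, ...) runs on top of the new generator.

```python
import hashlib
import os
import random
import struct


class CounterModeRandom(random.Random):
    """random.Random backed by a keyed PRF in counter mode (added example).

    Output block i = SHA-256(key || i).  SHA-256 is a stand-in for AES here
    because the standard library has no block cipher; the structure is the
    same as AES-CTR, but see the note on equidistribution below the code.
    """

    def __init__(self, seed=None):
        self._key = b""
        self._counter = 0
        self._buffer = b""
        super().__init__(seed)  # Random.__init__ calls self.seed(seed)

    def seed(self, a=None, version=2):
        # Accept None (fresh key from the OS CSPRNG), int, str or bytes.
        if a is None:
            material = os.urandom(32)
        elif isinstance(a, bytes):
            material = a
        elif isinstance(a, str):
            material = a.encode()
        elif isinstance(a, int):
            material = str(a).encode()
        else:
            raise TypeError("seed must be None, int, str or bytes")
        # Domain-separated key derivation (prefix is a made-up label).
        self._key = hashlib.sha256(b"ctr-prng-key:" + material).digest()
        self._counter = 0
        self._buffer = b""

    def _next_block(self):
        # One PRF evaluation per 64-bit counter value, then advance.
        block = hashlib.sha256(self._key + struct.pack(">Q", self._counter)).digest()
        self._counter += 1
        return block

    def getrandbits(self, k):
        if k < 0:
            raise ValueError("number of bits must be non-negative")
        if k == 0:
            return 0
        nbytes = (k + 7) // 8
        while len(self._buffer) < nbytes:
            self._buffer += self._next_block()
        out, self._buffer = self._buffer[:nbytes], self._buffer[nbytes:]
        # Drop the surplus low bits so exactly k bits are returned.
        return int.from_bytes(out, "big") >> (nbytes * 8 - k)

    def random(self):
        # 53 bits scaled into [0.0, 1.0), the same mapping CPython uses.
        return self.getrandbits(53) / (1 << 53)

    def getstate(self):
        # Key, counter and unconsumed buffer fully determine the stream.
        return (self._key, self._counter, self._buffer)

    def setstate(self, state):
        self._key, self._counter, self._buffer = state


def stream(seed, n, bits=32):
    """Return the first n outputs of `bits` bits for a given seed."""
    rng = CounterModeRandom(seed)
    return [rng.getrandbits(bits) for _ in range(n)]


if __name__ == "__main__":
    print(stream(12345, 4))            # same seed, same stream, every run
    print(stream(12345, 4) == stream(12345, 4))
    rng = CounterModeRandom("demo")
    saved = rng.getstate()
    first = rng.random()
    rng.setstate(saved)
    print(first == rng.random())       # state round-trips exactly
```

Two properties from the quoted list carry over and one does not: the stream is deterministic given the seed, and it is only as secret as the key, which a real deployment would take from `os.urandom` rather than a user-supplied integer. The "provably equidistributed" claim, however, relies on the block cipher being a permutation of its block space (every 128-bit output appears exactly once per counter cycle); a hash-based PRF like the SHA-256 stand-in gives no such guarantee, so swap in a real block cipher before relying on that property.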
