[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Fri Sep 11 07:24:23 CEST 2015


[M.-A. Lemburg]
>> I'm pretty sure people doing crypto will know and most others
>> simply don't care :-)

[Stephen J. Turnbull <stephen at xemacs.org>]
> Which is why botnets have millions of nodes.

I'm not a security wonk, but I'll bet a life's salary ;-) we'd have
botnets just as pervasive if every non-crypto RNG in the world were
banned - or had never existed.

To start a botnet, the key skill is social engineering:  tricking
ordinary users into installing malicious software.  So long as end
users are allowed to run programs, that problem will never go away.
Hell, I get offers to install malware each day on Facebook alone,
although they're *spelled* like "Install Flash update to see this
shocking video!".

Those never end for the same reason I still routinely get Nigerian 419
spam:  there are plenty of people gullible enough to fall for them
outright.  Technical wizardry isn't needed to get in the door on
millions of machines.

So if RNGs have something to do with security, it's not with botnets;
let's not oversell this.


> People who do web security evidently believe that inappropriate RNGs
> have something to do with widespread security issues.

Do they really?  I casually follow news of the latest exploits, and I
really don't recall any of them pinned on an RNG (as opposed to highly
predictable default RNG _seeding_ from several years back).  Mostly
out-of-bounds crap in C, or exploiting holes in security models, or
bugs in the implementations of those models (whether Microsoft's,
Java's, Adobe Flash's ...).


> (That doesn't mean they're right, but it gives me pause for thought -- evidently,
> Guido thought so too!)

Or it's that Theo can be very insistent, and Guido is only brusque
with the non-Dutch ;-)

Not saying switching is bad.  Am saying I've seen no compelling
justification for causing users (& book & course authors & ....) such
pain.  If this were Python 0.9.1 at issue, sure - but random.py's
basic API really hasn't changed since then.

