[Python-ideas] DRAFT Re: Python's Source of Randomness and the random.py module Redux

Cory Benfield cory at lukasa.co.uk
Fri Sep 11 16:38:12 CEST 2015


On 11 September 2015 at 15:33, Chris Angelico <rosuav at gmail.com> wrote:
> Only if an attacker can access many passwords generated from the same
> MT stream, right? If the entire program is as was posted (importing
> random and using random.choice(), then terminating), then an attack
> would have to be based on the seeding of the RNG, not on the RNG
> itself. There simply isn't enough content being generated for you to
> be able to learn the internal state, and even if you did, the next run
> of the program will be freshly seeded anyway.

Sure, if the entire program is as posted, but we should probably
assume it isn't. Some programs definitely are, but I'm not worried
about them: I'm worried about the ones that aren't.


More information about the Python-ideas mailing list