[Python-ideas] DRAFT Re: Python's Source of Randomness and the random.py module Redux

Donald Stufft donald at stufft.io
Fri Sep 11 16:38:24 CEST 2015


On September 11, 2015 at 10:33:55 AM, Chris Angelico (rosuav at gmail.com) wrote:
> On Sat, Sep 12, 2015 at 12:28 AM, Cory Benfield wrote:
> > On 11 September 2015 at 14:36, Steven D'Aprano wrote:
> >> Is this a trick question?
> >>
> >> In the absence of any credible attack on the password based on how it
> >> was generated, of course it is safe.
> >
> > I feel like I must have misunderstood you Steven. Didn't you just
> > exclude the attack vector that we're discussing here?
> >
> > What we are saying is that a deterministic PRNG definitionally allows
> > attacks on the password based on how it was generated.
>
> Only if an attacker can access many passwords generated from the same
> MT stream, right? If the entire program is as was posted (importing
> random and using random.choice(), then terminating), then an attack
> would have to be based on the seeding of the RNG, not on the RNG
> itself. There simply isn't enough content being generated for you to
> be able to learn the internal state, and even if you did, the next run
> of the program will be freshly seeded anyway.


This is silly: take that code, stick it in a web application and have it
generating API keys or session identifiers instead of passwords, or hell, even
passwords or random tokens to reset passwords or any other such thing.

Suddenly you have a case where you have a persistent process, so there isn't a
new seed, and the attacker can more or less request an unlimited number of
outputs. This isn't some mind-bogglingly uncommon case.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
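
The persistent-process case described in the message above, as an added example that is not part of the original post: a long-lived Mersenne Twister instance makes every later token a pure function of its internal state, while `random.SystemRandom` draws from the OS and has no state to capture. The helper names (`make_token`, `issue_tokens`, `replay_from_state`, `demo`) and the 32-character alphanumeric token format are assumptions made for illustration.

```python
import random
import string

ALPHABET = string.ascii_letters + string.digits  # assumed token alphabet


def make_token(rng, length=32):
    """Build a token with repeated rng.choice(), as the discussed code does."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def issue_tokens(rng, count):
    """Simulate a long-running service handing out tokens from one generator."""
    return [make_token(rng) for _ in range(count)]


def replay_from_state(state, count):
    """Reproduce the tokens a Mersenne Twister will emit from a given state."""
    clone = random.Random()
    clone.setstate(state)
    return issue_tokens(clone, count)


def demo():
    # Weak pattern: one MT instance, seeded once, reused for every request.
    # It stands in for the module-level generator behind random.choice().
    mt = random.Random()
    issue_tokens(mt, 5)               # tokens handed out to earlier requests
    snapshot = mt.getstate()          # internal state at this point in time
    later = issue_tokens(mt, 3)       # tokens issued to later requests
    predicted = replay_from_state(snapshot, 3)

    # Hardened pattern: same calling code, OS-backed generator.
    sysrng = random.SystemRandom()
    hardened = issue_tokens(sysrng, 3)
    try:
        sysrng.getstate()
        stateless = False
    except NotImplementedError:
        stateless = True              # nothing to snapshot or replay

    return later == predicted, stateless, hardened


if __name__ == "__main__":
    deterministic, stateless, hardened = demo()
    print("MT tokens reproducible from state:", deterministic)
    print("SystemRandom exposes no state:    ", stateless)
    print("sample hardened token:            ", hardened[0])
```
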



