[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Fri Sep 11 19:16:12 CEST 2015


[Steven D'Aprano]
>>> The default MT is certainly deterministic, and although only the output
>>> of random() itself is guaranteed to be reproducible, the other methods
>>> are *usually* stable in practice.
>>>
>>> There's a jumpahead method too,

[Tim]
>> Not in Python.

[Steve]
> It is there, up to Python 2.7. I hadn't noticed it was gone in Python 3.

Yes, there's something _called_ `,jumpahead()`, for backward
compatibility with the old WIchmann-Hill generator.  But what it does
for MT is "eh - no idea what to do, so let's just make stuff up":

    def jumpahead(self, n):
        """Change the internal state to one that is likely far away
        from the current state.  This method will not be in Py3.x,
        so it is better to simply reseed.
        """
        # The super.jumpahead() method uses shuffling to change state,
        # so it needs a large and "interesting" n to work with.  Here,
        # we use hashing to create a large n for the shuffle.
        s = repr(n) + repr(self.getstate())
        n = int(_hashlib.new('sha512', s).hexdigest(), 16)
        super(Random, self).jumpahead(n)

I doubt there's anything that can be proved about the result of doing
that - except that it's almost certain it won't bear any relationship
to what calling the generator `n` times instead would have done ;-)


More information about the Python-ideas mailing list