[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Fri Sep 11 20:52:08 CEST 2015

>> 2. If they knew they were targeting MT, and had 624 consecutive 32-bit
>> outputs, they could compute MT's full internal state essentially
>> instantly.

> How would they do that? MT's period is too large for
> things like rainbow tables.

It's not trivial to figure out how to do this, but once you do, it
works ;-)  No search, or tables, of any kind are required.  It's just
simple (albeit non-obvious!) bit-fiddling to invert MT's
state-to-output transformations to get the state back.  Here's a very
nice writeup:


