[Python-ideas] Should our default random number generator be secure?
Tim Peters
tim.peters at gmail.com
Fri Sep 11 20:52:08 CEST 2015
[Tim]
>> ...
>> 2. If they knew they were targeting MT, and had 624 consecutive 32-bit
>> outputs, they could compute MT's full internal state essentially
>> instantly.
[Marc-Andre]
> How would they do that ? MT's period is too large for
> things like rainbow tables.
It's not trivial to figure out how to do this, but once you do, it
works ;-) No search, or tables, of any kind are required. It's just
simple (albeit non-obvious!) bit-fiddling to invert MT's
state-to-output transformations to get the state back. Here's a very
nice writeup:
https://jazzy.id.au/2010/09/22/cracking_random_number_generators_part_3.html