[Python-ideas] Should our default random number generator be secure?

M.-A. Lemburg mal at egenix.com
Fri Sep 11 22:44:46 CEST 2015

On 11.09.2015 20:52, Tim Peters wrote:
> [Tim]
>>> ...
>>> 2. If they knew they were targeting MT, and had 624 consecutive 32-bit
>>> outputs, they could compute MT's full internal state essentially
>>> instantly.
> [Marc-Andre]
>> How would they do that ? MT's period is too large for
>> things like rainbow tables.
> It's not trivial to figure out how to do this, but once you do, it
> works ;-)  No search, or tables, of any kind are required.  It's just
> simple (albeit non-obvious!) bit-fiddling to invert MT's
> state-to-output transformations to get the state back.  Here's a very
> nice writeup:
> https://jazzy.id.au/2010/09/22/cracking_random_number_generators_part_3.html

Indeed very nice. Thanks for the pointer.

I wonder why untwister doesn't use this. I gave it 1000 32-bit
integers, so it should have enough information to recover the
seed in a short while, but it's still trying to find the seed.
Oh, and it now shows: 5 days 21 hours left. I stopped it there.

Anyone up for a random.recover_seed() function ? ;-)

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Sep 11 2015)
>>> Python Projects, Coaching and Consulting ...  http://www.egenix.com/
>>> mxODBC Plone/Zope Database Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2015-09-18: PyCon UK 2015 ...                               7 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Python-ideas mailing list