[Python-ideas] Should our default random number generator be secure?
Stephen J. Turnbull
stephen at xemacs.org
Mon Sep 14 10:30:47 CEST 2015
Tim Peters writes:

> > "doing crypto" (== security) is like "speaking prose": a lot of folks
> > doing it don't realize that's what they're doing -- and they don't
> > care, either.

> I don't know that it's true, though. Crypto wonks are like lawyers
> that way, always worrying about the worst possible case "in

Well, my worst possible case "in theory" was that a documented MTA
parameter would simply not be implemented and not error when I
configured it to a non-default value -- but that's how yours truly
ended up running an open relay (Smail 3.1.100 I think it was, and I
got it from Debian so it wasn't like I was using alpha code). That's
what taught me to do functional tests. :-)

So yes, I do think there are a lot of folks out there working with
software without realizing that there are any risks involved. Life
being life, I'd bet on some of them being programmers working with RNG.

> In my personal life, I've had to tell lawyers "enough already - I'm
> not paying another N thousand dollars to insert another page about
> what happens in case of nuclear war".

But see, that's my main point. Analogies to *anybody's* personal life
are irrelevant when we're talking about a bug that could be fixed
*once* and save *millions* of users from being exploited. If the
wonks are right, it's a big deal, big enough to balance the low
probability of them being right. ;-)

> The best social engineering is for a bot to rummage through your
> email address book and send copies of itself to people you know,
> appearing to be a thoroughly legitimate email from you. Add a
> teaser to invite the recipient to click on the attachment, and
> response rate can be terrific.

Sure, but that's not what happened at AOL and Yahoo! AFAIK (of course
they're pretty cagey about details). It seems that a single leak or a
small number of leaks at each company exposed millions of address
books. (I hasten to add that I doubt the Mersenne Twister had
anything to do with the leaks.)

> What I question is whether this has anything _plausible_ to do with
> Python's PRNG.

Me too. People who claim some expertise think so, though.

> Would the user _really_ be better off using .urandom()? I don't know.
> Since a crypto wonk will rarely recommend doing anything _other_ than
> using urandom() directly, I bet they'd discourage using .choice() at

That's not unfair, but if they did, I'd go find myself another crypto
wonk. But who cares about me? What matters is that Guido would, too.

> Judging [the random module] by standards that didn't become trendy
> until much later is only fair now ;-)

You're not the only one who, when offered a choice between fair and
fun, chooses the latter. ;-)

> We can even give it a name shorter than "random" to encourage its
> use. That's all most users really care about anyway ;-)

That's beyond "unfair"!