[Python-ideas] Should our default random number generator be secure?
Stephen J. Turnbull
stephen at xemacs.org
Mon Sep 14 10:30:47 CEST 2015
Tim Peters writes:

> > "doing crypto" (== security) is like "speaking prose": a lot of folks
> > doing it don't realize that's what they're doing -- and they don't
> > care, either.
>
> I don't know that it's true, though. Crypto wonks are like lawyers
> that way, always worrying about the worst possible case "in
> theory".

Well, my worst possible case "in theory" was that a documented MTA
parameter would simply not be implemented and not error when I
configured it to a non-default value -- but that's how yours truly
ended up running an open relay (Smail 3.1.100 I think it was, and I
got it from Debian so it wasn't like I was using alpha code). That's
what taught me to do functional tests. :-)

So yes, I do think there are a lot of folks out there working with
software without realizing that there are any risks involved. Life
being life, I'd bet on some of them being programmers working with RNG.

> In my personal life, I've had to tell lawyers "enough already - I'm
> not paying another N thousand dollars to insert another page about
> what happens in case of nuclear war".

But see, that's my main point. Analogies to *anybody's* personal life
are irrelevant when we're talking about a bug that could be fixed
*once* and save *millions* of users from being exploited. If the
wonks are right, it's a big deal, big enough to balance the low
probability of them being right. ;-)

> The best social engineering is for a bot to rummage through your
> email address book and send copies of itself to people you know,
> appearing to be a thoroughly legitimate email from you. Add a
> teaser to invite the recipient to click on the attachment, and
> response rate can be terrific.

Sure, but that's not what happened at AOL and Yahoo! AFAIK (of course
they're pretty cagey about details). It seems that a single leak or a
small number of leaks at each company exposed millions of address
books. (I hasten to add that I doubt the Mersenne Twister had
anything to do with the leaks.)

> What I question is whether this has anything _plausible_ to do with
> Python's PRNG.

Me too. People who claim some expertise think so, though.

> Would the user _really_ be better off using .urandom()? I don't know.
> Since a crypto wonk will rarely recommend doing anything _other_ than
> using urandom() directly, I bet they'd discourage using .choice() at
> all,

That's not unfair, but if they did, I'd go find myself another crypto
wonk. But who cares about me? What matters is that Guido would, too.

> Judging [the random module] by standards that didn't become trendy
> until much later is only fair now ;-)

You're not the only one who, when offered a choice between fair and
fun, chooses the latter. ;-)

> We can even give it a name shorter than "random" to encourage its
> use. That's all most users really care about anyway ;-)

That's beyond "unfair"!
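The exchange above turns on whether `.choice()` on the default generator (Mersenne Twister) is a reasonable way to build a token, versus drawing from `urandom()` directly. The following is an added example, not code from the thread or from CPython's authors; it uses only the standard library's `random.Random` and `random.SystemRandom` (the latter routes every call to `os.urandom()`). It shows the property the "crypto wonks" worry about: a Mersenne Twister token is fully determined by its seed, and anyone holding a snapshot of the generator's state reproduces every later `.choice()` exactly, while `SystemRandom` offers the same `.choice()` API but has no seed or state to snapshot. The alphabet and seed values are constructed for the demo.

```python
import random
import string

# Constructed alphabet for the demo tokens (not from the thread).
ALPHABET = string.ascii_letters + string.digits


def make_token(rng, length=32):
    """Build a token with the .choice() API discussed in the thread.

    rng is any random.Random instance (default MT19937 or SystemRandom).
    """
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def mt_token(seed, length=32):
    """Default generator: Mersenne Twister, completely determined by its seed."""
    return make_token(random.Random(seed), length)


def system_token(length=32):
    """random.SystemRandom: same .choice() interface, backed by os.urandom()."""
    return make_token(random.SystemRandom(), length)


def mt_state_predicts_future(seed=12345, length=32):
    """Given a Mersenne Twister's internal state, its next outputs are known.

    Returns True when a fresh generator restored from getstate() emits the
    identical token that the original goes on to emit.
    """
    original = random.Random(seed)
    snapshot = original.getstate()        # (version, 625-int MT state, gauss_next)
    expected = make_token(original, length)
    clone = random.Random()
    clone.setstate(snapshot)
    return make_token(clone, length) == expected


def system_random_exposes_no_state():
    """SystemRandom.getstate() raises NotImplementedError: nothing to snapshot."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False


if __name__ == "__main__":
    print("MT token, seed 1:       ", mt_token(1))
    print("MT token, seed 1 again: ", mt_token(1))   # identical: seed alone decides it
    print("SystemRandom token:     ", system_token())
    print("state predicts future:  ", mt_state_predicts_future())
    print("SystemRandom has state: ", not system_random_exposes_no_state())
```

The practical reading for a defender: if a token must be unguessable, the generator behind `.choice()` must not be reconstructible from a seed or from previously observed output, which is what `random.SystemRandom` (or reading `os.urandom()` directly) gives and the default `random` module does not.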