[Python-ideas] Should our default random number generator be secure?

Cory Benfield cory at lukasa.co.uk
Mon Sep 14 14:31:24 CEST 2015


On 14 September 2015 at 13:26, João Bernardo <jbvsmo at gmail.com> wrote:
> Quick fix!
> The problem with MT would be someone having all 624 32-byte numbers from the
> state. So, every now and then, the random generator should run twice and
> discard one of the outputs.
> Do this about 20 times for each 624 calls and no brute force can find the
> state. Thanks for your attention ;)

'Every now and then': what's that? Is it a deterministic interval or a
random one? If a random one, where does the random number come from:
MT? If deterministic, it's trivial to include the effect in your
calculations.

More generally, what you're doing here is gaining *information* about
the state. You don't have to know it perfectly, just to reduce the
space of possible states down. Even if you threw 95% of the results of
MT away, each time I watch I can reduce the space of possible states
the MT is in.

This is not a fix.
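Added worked example, not part of the thread and not CPython's own code. MT19937 keeps 624 32-bit state words, and each 32-bit output is a bijective "tempering" of one of them, so 624 consecutive raw outputs (`getrandbits(32)` returns one raw word in CPython) hand over the whole state. The `Victim` class below is a constructed model of the "run twice and discard one output" proposal at a fixed interval (`skip_every`, chosen to give roughly the 20-per-624 rate suggested); the attacker, knowing the deterministic schedule, marks the discarded positions, fills them in from the MT recurrence x[j] = f(x[j-624], x[j-623], x[j-227]) once enough surrounding words are known, and then predicts the stream. All names here (`Victim`, `MTClone`, `fill_gaps`, `break_skipping_victim`) are illustrative and assumed, not anything from the thread.

```python
import random

N, M = 624, 397                       # MT19937 state size and "middle" offset
MATRIX_A = 0x9908B0DF
UPPER, LOWER, MASK32 = 0x80000000, 0x7FFFFFFF, 0xFFFFFFFF

def temper(x):
    """MT19937 output tempering: a bijection applied to each state word."""
    y = x & MASK32
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32

def untemper(y):
    """Invert temper(): one 32-bit output reveals one state word exactly."""
    x = y & MASK32
    x ^= x >> 18                      # shift >= 16, so the op is its own inverse
    x ^= (x << 15) & 0xEFC60000       # masked bits never feed back: own inverse
    z = x
    for _ in range(5):                # 7 bits recovered per round, low to high
        z = x ^ ((z << 7) & 0x9D2C5680)
    x = z
    for _ in range(3):                # 11 bits recovered per round, high to low
        z = x ^ (z >> 11)
    return z & MASK32

def mt_step(x_k, x_k1, x_km):
    """x[k+624] from x[k], x[k+1], x[k+397]: the MT19937 sliding-window recurrence."""
    y = (x_k & UPPER) | (x_k1 & LOWER)
    return (x_km ^ (y >> 1) ^ (MATRIX_A if y & 1 else 0)) & MASK32

class MTClone:
    """Continue the stream from any 624 consecutive untempered state words."""
    def __init__(self, words):
        if len(words) != N or None in words:
            raise ValueError("need 624 consecutive known state words")
        self.window = list(words)

    def next_u32(self):
        x = mt_step(self.window[0], self.window[1], self.window[M])
        del self.window[0]
        self.window.append(x)
        return temper(x)

def plain_clone_works(seed=1, n_check=200):
    """Unmodified case: 624 consecutive outputs of random.Random predict the rest."""
    rng = random.Random(seed)
    clone = MTClone([untemper(rng.getrandbits(32)) for _ in range(N)])
    return all(clone.next_u32() == rng.getrandbits(32) for _ in range(n_check))

class Victim:
    """Constructed model of the proposed fix (assumption, not real CPython
    behaviour): every skip_every-th call draws twice and discards the second."""
    def __init__(self, seed, skip_every):
        self.rng, self.skip_every, self.calls = random.Random(seed), skip_every, 0

    def output(self):
        self.calls += 1
        v = self.rng.getrandbits(32)
        if self.calls % self.skip_every == 0:
            self.rng.getrandbits(32)  # discarded; the attacker never sees it
        return v

def raw_stream(observed, skip_every):
    """Attacker side: the schedule is deterministic, so mark where words are missing."""
    raw = []
    for i, v in enumerate(observed, start=1):
        raw.append(untemper(v))
        if i % skip_every == 0:
            raw.append(None)
    return raw

def fill_gaps(raw):
    """A missing x[j] is determined by x[j-624], x[j-623] and x[j-227] when known."""
    raw = list(raw)
    for j in range(N, len(raw)):
        srcs = (raw[j - N], raw[j - N + 1], raw[j - N + M])
        if raw[j] is None and None not in srcs:
            raw[j] = mt_step(*srcs)
    return raw

def break_skipping_victim(seed=2015, n_observed=1300, skip_every=30, n_predict=16):
    """Observe n_observed outputs, rebuild the state, predict the next n_predict."""
    victim = Victim(seed, skip_every)
    observed = [victim.output() for _ in range(n_observed)]
    clone = MTClone(fill_gaps(raw_stream(observed, skip_every))[-N:])
    predicted = []
    for call in range(n_observed + 1, n_observed + n_predict + 1):
        predicted.append(clone.next_u32())
        if call % skip_every == 0:
            clone.next_u32()          # mirror the victim's discard
    return predicted, [victim.output() for _ in range(n_predict)]
```

`break_skipping_victim()` returns two equal lists: the attacker's predictions and what the "fixed" generator actually produced next. With `skip_every=30` the three source words of every discarded position fall on observed positions (624, 623 and 227 are not multiples of 31), so about 1300 observations already close every gap; a different interval only changes how many observations are needed, which is the sense in which a deterministic schedule is trivial to include in the calculation.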

