[Python-ideas] Should our default random number generator be secure?
Sturla Molden
sturla.molden at gmail.com
Mon Sep 14 17:53:53 CEST 2015
On 10/09/15 03:55, Tim Peters wrote:
> Would your answer change if a crypto generator were _faster_ than MT?
> MT isn't speedy by modern standards, and is cache-hostile (about 2500
> bytes of mutable state).
>
> Not claiming a crypto hash _would_ be faster. But it is possible.
Speed is not the main matter of concern. MT19937 is not very fast, it is
very accurate. It is used in scientific computing when we want to
simulate sampling from a given distribution as accurately as possible.
Its strength is in the distribution of number it generates, not in its
security or speed. MT19937 allows us to produce a very precise
simulation of a stochastic process. The alternatives cannot compare in
numerical quality, though they might be faster or more secure, or both.
When we use MT19937 in scientific computing we deliberately sacrifice
speed for accuracy. A cryto hash might be faster, but will it be more
accurate? Accuracy means how well the generated sequence emulates
sampling from a perfect uniform distribution. MT19937 does not have any
real competition in this game.
Sturla
More information about the Python-ideas
mailing list