[Python-ideas] Should our default random number generator be secure?

Sturla Molden sturla.molden at gmail.com
Mon Sep 14 17:53:53 CEST 2015


On 10/09/15 03:55, Tim Peters wrote:

> Would your answer change if a crypto generator were _faster_ than MT?
> MT isn't speedy by modern standards, and is cache-hostile (about 2500
> bytes of mutable state).
>
> Not claiming a crypto hash _would_ be faster.  But it is possible.

Speed is not the main matter of concern. MT19937 is not very fast; it is 
very accurate. It is used in scientific computing when we want to 
simulate sampling from a given distribution as accurately as possible. 
Its strength is in the distribution of numbers it generates, not in its 
security or speed. MT19937 allows us to produce a very precise 
simulation of a stochastic process. The alternatives cannot compare in 
numerical quality, though they might be faster or more secure, or both.

When we use MT19937 in scientific computing we deliberately sacrifice 
speed for accuracy. A crypto hash might be faster, but will it be more 
accurate? Accuracy means how well the generated sequence emulates 
sampling from a perfect uniform distribution. MT19937 does not have any 
real competition in this game.


Sturla
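
The message above defines accuracy as how well a generated sequence emulates sampling from a uniform distribution. The following is an added example, not part of the original message or of CPython: one simple way to measure that, a chi-square test on byte frequencies, applied to MT19937 and to a hash-based stream. The seed, the key, the sample size and the SHA-256 counter construction are assumptions made for this illustration, and a single frequency test is a coarse check rather than a full statistical battery.

```python
import hashlib
import random


def mt_bytes(seed, n):
    """n bytes from Python's MT19937-based random.Random (constructed seed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def sha256_ctr_bytes(key, n):
    """n bytes from SHA-256(key || counter): an illustrative hash-based
    generator for this comparison, not a vetted CSPRNG construction."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def chi_square_bytes(data):
    """Pearson chi-square statistic of byte counts against uniform (df = 255)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def compare(n=1 << 18):
    """Chi-square statistic for each generator over n constructed sample bytes."""
    return {
        "mt19937": chi_square_bytes(mt_bytes(20150914, n)),
        "sha256-ctr": chi_square_bytes(sha256_ctr_bytes(b"constructed-key", n)),
    }


if __name__ == "__main__":
    # For uniform bytes the statistic has mean 255 and std. dev. about 22.6.
    for name, stat in compare().items():
        print(f"{name:12s} chi2 = {stat:7.1f}")
```

A statistic far above 255 indicates byte frequencies that deviate from uniform; one far below indicates frequencies that are more even than random sampling would produce.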