[Python-ideas] Should our default random number generator be secure?
tim.peters at gmail.com
Wed Sep 16 02:55:00 CEST 2015
> Oh, sure. MT's creators noted from the start that it would suffice to
> run MT's outputs through a crypto hash (like your favorite flavor of
> SHA). That's just as vulnerable to "poor seeding" attacks as plain
> MT, but it's computationally infeasible to deduce the state from any
> number of hashed outputs
Although what's "computationally feasible" may well have changed since
then! These days I expect even a modestly endowed attacker could
afford to store an exhaustive table of the 2**32 possible outputs and
their corresponding hashes. Then the hashes are 100% invertible via
simple lookup, so are no better than not hashing at all.
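An added illustration of the lookup-table point (example code, not from the thread): hashing a value drawn from a small space does not hide it, because the whole space can be enumerated once and the digest then looked up. It assumes SHA-256 as the hash and uses a 16-bit space so it runs in seconds; the 32-bit width from the message is only plugged into the storage estimate.

```python
import hashlib


def hashed_output(value: int, width_bits: int) -> bytes:
    """Model of "run the PRNG output through a crypto hash": one fixed-width
    integer (e.g. a single 32-bit MT output) hashed with SHA-256."""
    return hashlib.sha256(value.to_bytes(width_bits // 8, "big")).digest()


def build_lookup_table(width_bits: int) -> dict:
    """Precompute digest -> preimage for every possible width_bits-bit output.
    Costs 2**width_bits hashes once; afterwards inversion is a dict lookup.
    The message assumes 32 bits; use 16 here so the demo finishes quickly."""
    return {hashed_output(v, width_bits): v for v in range(2 ** width_bits)}


def invert(table: dict, digest: bytes):
    """Recover the hashed value, or None if it is outside the table's space."""
    return table.get(digest)


def table_size_bytes(width_bits: int, digest_len: int = 32) -> int:
    """Storage for a full table: one digest plus one preimage per entry.
    For 32-bit outputs and SHA-256 this is 2**32 * 36 bytes, about 155 GB,
    which is what makes the lookup attack affordable. The same estimate for a
    256-bit value (the size of a CSPRNG seed) exceeds the atoms in the planet,
    which is why widening the unknown input, not hashing it, is the fix."""
    return (2 ** width_bits) * (digest_len + width_bits // 8)


if __name__ == "__main__":
    table = build_lookup_table(16)
    secret = 0xBEEF  # constructed "PRNG output" the attacker does not know
    print(invert(table, hashed_output(secret, 16)) == secret)  # True
    print(table_size_bytes(32))  # 154618822656
```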