[Python-ideas] Should our default random number generator be secure?

Tim Peters tim.peters at gmail.com
Wed Sep 16 02:55:00 CEST 2015


[Tim]
> ...
> Oh, sure.  MT's creators noted from the start that it would suffice to
> run MT's outputs through a crypto hash (like your favorite flavor of
> SHA).  That's just as vulnerable to "poor seeding" attacks as plain
> MT, but it's computationally infeasible to deduce the state from any
> number of hashed outputs

Although what's "computationally feasible" may well have changed since
then!  These days I expect even a modestly endowed attacker could
afford to store an exhaustive table of the 2**32 possible outputs and
their corresponding hashes.  Then the hashes are 100% invertible via
simple lookup, so are no better than not hashing at all.


More information about the Python-ideas mailing list