[Python-ideas] Should our default random number generator be secure?

Robert Kern robert.kern at gmail.com
Wed Sep 16 15:25:22 CEST 2015

On 2015-09-16 12:38, M.-A. Lemburg wrote:

> What I wanted to emphasize is that a common way of coming up
> with a stream cipher is to use an existing block cipher which you
> then transform into a stream cipher. See e.g.
> https://www.emsec.rub.de/media/crypto/attachments/files/2011/03/hudde.pdf
> E.g. take AES run in CTR (counter) mode: it applies AES repeatedly
> to the values of a simple counter as "RNG".

Indeed. DE Shaw has done the analysis for you:


> Running MT + AES would result in a similar setup, except that the
> source would have somewhat better qualities and would be based
> on standard well studied technology, albeit slower than going
> straight for a native stream cipher.

Why do you think it would have better qualities? You'll have to redo the 
analysis that makes MT and AES each so well-studied, and I'm not sure that all 
of the desirable properties of either will survive the combination.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Python-ideas mailing list