[Python-ideas] Should our default random number generator be secure?
Robert Kern
robert.kern at gmail.com
Wed Sep 16 15:25:22 CEST 2015
On 2015-09-16 12:38, M.-A. Lemburg wrote:
> What I wanted to emphasize is that a common way of coming up
> with a stream cipher is to use an existing block cipher which you
> then transform into a stream cipher. See e.g.
>
> https://www.emsec.rub.de/media/crypto/attachments/files/2011/03/hudde.pdf
>
> E.g. take AES run in CTR (counter) mode: it applies AES repeatedly
> to the values of a simple counter as "RNG".
Indeed. DE Shaw has done the analysis for you:
https://www.deshawresearch.com/resources_random123.html
> Running MT + AES would result in a similar setup, except that the
> source would have somewhat better qualities and would be based
> on standard well studied technology, albeit slower than going
> straight for a native stream cipher.
Why do you think it would have better qualities? You'll have to redo the
analysis that makes MT and AES each so well-studied, and I'm not sure that all
of the desirable properties of either will survive the combination.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
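Added example, not code from this thread or from either poster: the construction Marc-Andre describes, AES-128 applied to successive values of a 128-bit counter, wrapped as a generator with a random()-style float output. The AES here is a from-scratch teaching implementation (plain table lookups, not constant-time, slow) so that the block runs on the standard library alone; production code should use a vetted library instead. Assumed for the example: key and starting counter are drawn from os.urandom unless pinned by the caller. The known-answer values in known_answer_checks are the FIPS-197 Appendix C.1 block and the first two keystream blocks of SP 800-38A F.5.1.

```python
import os

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return r

def _ginv(a):
    """Field inverse as a^254 by square-and-multiply; 0 maps to 0 (FIPS-197 5.1.1)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gmul(r, a)
        a, e = gmul(a, a), e >> 1
    return r

def _sbox_entry(a):
    """S-box byte = inverse XOR its four left-rotations XOR 0x63 (the affine map)."""
    inv = x = _ginv(a)
    for _ in range(4):
        x = ((x << 1) | (x >> 7)) & 0xFF
        inv ^= x
    return inv ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]

def expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys, each 16 bytes column-major."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(round_keys, block):
    """Encrypt one 16-byte block. State index 4*c + r holds row r of column c."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                       # MixColumns
            mixed = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                mixed += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                          a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                          a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                          gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
            s = mixed
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]                    # AddRoundKey
    return bytes(s)

class AesCtrRng:
    """Block i of the stream is AES_K(counter0 + i): AES applied to a simple counter.
    Output depends only on (key, counter), so the stream is reproducible and
    random-access, and instances sharing a key are disjoint if their counters are."""

    def __init__(self, key=None, counter=None):
        # Assumed for this example: key and start counter come from os.urandom
        # unless the caller pins them, as the known-answer checks below do.
        self._rk = expand_key(key if key is not None else os.urandom(16))
        self._ctr = int.from_bytes(counter if counter is not None else os.urandom(16), "big")
        self._buf = b""

    def next_block(self):
        out = aes128_encrypt_block(self._rk, self._ctr.to_bytes(16, "big"))
        self._ctr = (self._ctr + 1) % (1 << 128)   # 128-bit counter, wraps at 2^128
        return out

    def random_bytes(self, n):
        while len(self._buf) < n:
            self._buf += self.next_block()
        out, self._buf = self._buf[:n], self._buf[n:]
        return out

    def random(self):
        """Uniform float in [0, 1) from 53 bits, the mapping random.random() also uses."""
        return (int.from_bytes(self.random_bytes(7), "big") >> 3) / (1 << 53)

def known_answer_checks():
    """FIPS-197 C.1 (one ECB block) and SP 800-38A F.5.1 (first two CTR keystream blocks)."""
    ct = aes128_encrypt_block(expand_key(bytes(range(16))),
                              bytes.fromhex("00112233445566778899aabbccddeeff"))
    rng = AesCtrRng(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"),
                    bytes.fromhex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"))
    return (ct.hex() == "69c4e0d86a7b0430d8cdb78070b4c55a"
            and rng.random_bytes(16).hex() == "ec8cdf7398607cb0f2d21675ea9ea1e4"
            and rng.random_bytes(16).hex() == "362b7c3c6773516318a077d7fc5073ae")
```

Two instances built with the same key and counter replay the same stream, and a counter pinned at a chosen offset gives random access into it; that is the property the Random123 generators Robert links are built around, and it is also why the key must be unguessable whenever the output is meant to be unpredictable.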