Generating Unique Keys

Paul Rubin phr-n2003b at NOSPAMnightsong.com
Tue Jan 28 00:16:09 CET 2003


Skip Montanaro <skip at pobox.com> writes:
>     Chad> In this case, it depends on on the implementation of random().
>     Chad> Python's default random.random() is NOT anywhere near
>     Chad> unpredictable enough to be secure.  If you see a sequence of
>     Chad> random numbers, it is possible (in principle) to 'solve' the seed
>     Chad> and sequence, and start predicting the next random numbers.  The
>     Chad> details typically amount to solving a linear difference equation
>     Chad> (which is doable).
> 
> Is this also true for the new-in-2.3 random number generator (Mersenne
> Twister)?  I'm not trying to pick nits with your arguments, just asking.  I
> know nothing about cryptography or random number generation.

Yes.  Mersenne Twister tries to have good statistical properties so
that your simulations won't be biased by accident.  But it makes no
attempt at all to thwart malicious attacks.  Also, the implementations
I've seen (I haven't looked at 2.3's) use just a 32-bit initial seed,
so it's fairly quick for an attacker to search this whole 32-bit space.

The right way to get secure random strings on Linux or *BSD is just
read the number of bytes you want from the /dev/urandom device.  On
Windows, the right way is to call the Windows CAPI function
"CryptGenRandom":

   http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/cryptgenrandom.asp

Shorter url for same page:

   http://tinyurl.com/4z0q

It would be good if someone could write a Python wrapper around
CryptGenRandom for Windows for inclusion in the standard library.




More information about the Python-list mailing list