Generating Unique Keys

Paul Rubin phr-n2003b at
Wed Jan 29 00:07:21 CET 2003

Chad Netzer <cnetzer at> writes:
> > If you've got a source of good random numbers, you can just use them
> > directly as tokens and not need this hashing stuff.
> ??? - Surely you must assume that Trevor was talking about normal 
> pseudo-random number generators (not cryptographically secure, or true 
> entropy based random numbers; Trevor, am I correct?).  The point is 
> that one is not always sure of the "randomness" of numbers on different 
> platforms, and simple pseudo-random number generators are generally 
> much more prevalent.

I thought he meant cryptographically secure random numbers, or at
least unguessable ones.

> In general, for these types of things, the approach I've seen and heard 
> of most is to use a random (ideally truly random) starting secret, and 
> chains of cryptographic hash sequences (with periodic re-seeding).

Yes, that would count as secure random numbers and most OS's these
days include services to provide them.  It would be really good if
Python had a standard library call to use those services.

More information about the Python-list mailing list