Using SHA1 as RNG

Trevor Perrin trevp at trevp.net
Fri Mar 14 17:23:24 EST 2003


"Giovanni Bajo" <noway at sorry.com> wrote in message news:<5pqca.13331$7y3.390687 at twister1.libero.it>...
> "Klaus Alexander Seistrup" <spam at magnetic-ink.dk> ha scritto nel messaggio
> news:d2aeb0b6-4701-4a49-be95-c3b9e75efb69 at news.szn.dk...
> 
> > So I
> > thought, why not use SHA1 in the core generator?  Perhaps something
> > along these lines:
> 
> Unless you studied the distribution, you have no proof that the resulting
> sequence has a long period, for any starting seed. I would not be surprised
> if the period was much smaller, in fact. And besides, it would probably be
> very slow.

SHA1 has 160 bits of internal state, so even assuming the compression
function is pseudorandom, a collision with some previous value would
likely occur after 2^80 iterations (because of the birthday paradox),
and then the sequence would repeat.

Trevor
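The cycle argument above can be checked empirically. The following is an added example, not code from the post or from any of its authors: it builds the naive "state <- SHA1(state)" generator, then truncates the state to a small number of bits (an assumption made only so the repeat is reachable in seconds) and measures how many steps pass before a state recurs. For a random function on 2^n points the expected number of steps before the first repeat is sqrt(pi * 2^n / 2), i.e. roughly 2^(n/2); with the full 160-bit state that is about 2^80, which is Trevor's figure.

```python
import hashlib
import math


def sha1_step(state: bytes) -> bytes:
    """One step of the generator under discussion: state <- SHA1(state)."""
    return hashlib.sha1(state).digest()


def truncated_step(state: bytes, nbits: int) -> bytes:
    """Same construction, but only nbits of the digest are fed back.
    This models a generator whose internal state is nbits wide, so that the
    repeat predicted by the birthday bound shows up in a short run.
    (Truncation is an assumption of this demo, not part of the original post.)"""
    nbytes = (nbits + 7) // 8
    d = sha1_step(state)[:nbytes]
    surplus = nbytes * 8 - nbits          # mask spare bits in the last byte
    if surplus:
        d = d[:-1] + bytes([d[-1] & (0xFF >> surplus)])
    return d


def rho_length(seed: bytes, nbits: int) -> tuple[int, int]:
    """Iterate truncated_step from seed until some state recurs.
    Returns (tail, cycle): tail is the number of steps before the sequence
    enters its cycle, cycle is the period it repeats with from then on."""
    seen = {}
    state = seed
    i = 0
    while state not in seen:
        seen[state] = i
        state = truncated_step(state, nbits)
        i += 1
    first = seen[state]
    return first, i - first


def repeats_as_claimed(seed: bytes, nbits: int) -> bool:
    """Independent check of rho_length: after tail steps the state must equal
    the state a further cycle steps later."""
    tail, cycle = rho_length(seed, nbits)
    s = seed
    for _ in range(tail):
        s = truncated_step(s, nbits)
    t = s
    for _ in range(cycle):
        t = truncated_step(t, nbits)
    return s == t and cycle >= 1


def expected_rho(nbits: int) -> float:
    """Expected steps to the first repeat for a random function on 2**nbits
    points: sqrt(pi * 2**nbits / 2), about 2**(nbits/2) (birthday bound)."""
    return math.sqrt(math.pi * 2 ** nbits / 2)


def mean_rho(nbits: int, trials: int) -> float:
    """Average tail+cycle over several seeds (constructed as 0, 1, 2, ...)."""
    total = 0
    for t in range(trials):
        tail, cycle = rho_length(t.to_bytes(4, "big"), nbits)
        total += tail + cycle
    return total / trials


if __name__ == "__main__":
    for n in (16, 20, 24):
        print(f"{n}-bit state: measured {mean_rho(n, 20):.0f} steps, "
              f"birthday estimate {expected_rho(n):.0f}")
    print(f"160-bit state: estimate is about 2**{math.log2(expected_rho(160)):.1f}")
```

The measured figures track the sqrt(pi * 2^n / 2) estimate within the usual spread, and the same scaling applied to the full 160-bit state gives about 1.25 * 2^80 steps. Note that a collision is only a bound on the period of this particular construction; a generator that hashes a counter together with a secret, rather than re-hashing its own output, does not have this problem.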



