Using SHA1 as RNG

Trevor Perrin trevp at
Fri Mar 14 23:23:24 CET 2003

"Giovanni Bajo" <noway at> wrote in message news:<5pqca.13331$7y3.390687 at>...
> "Klaus Alexander Seistrup" <spam at> wrote in message
> news:d2aeb0b6-4701-4a49-be95-c3b9e75efb69 at
> > So I
> > thought, why not use SHA1 in the core generator?  Perhaps something
> > along these lines:
> Unless you studied the distribution, you have no proof that the resulting
> sequence has a long period, for any starting seed. I would not be surprised
> if the period was much smaller, in fact. And besides, it would probably be
> very slow.

SHA1 has 160 bits of internal state, so even assuming the compression
function is pseudorandom, a collision with some previous value would
likely occur after 2^80 iterations (because of the birthday paradox),
and then the sequence would repeat.
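
The birthday-bound argument above can be made concrete by shrinking the state. The following is an added example (not code from the original thread): it iterates state = SHA-1(state) as the proposed generator would, but truncates the state to a constructed STATE_BITS width so the first repeat appears in milliseconds, measures the tail and cycle length with Brent's cycle-finding algorithm, and compares the result with the random-function estimate sqrt(pi * 2**bits / 2), which for the full 160-bit state is about 1.25 * 2**80. Function names and the truncation width are this example's own choices.

```python
import hashlib
import math
import statistics

# Constructed demonstration parameter: the real generator keeps 160 bits of
# SHA-1 state; truncating to STATE_BITS makes the repeat observable quickly
# instead of after roughly 2**80 steps.
STATE_BITS = 20


def step(state: int, bits: int = STATE_BITS) -> int:
    """One generator step: next state = SHA-1(state), truncated to `bits` bits.
    The state is encoded in 8 bytes, so `bits` must be at most 64 here."""
    digest = hashlib.sha1(state.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def rho_length(seed: int, bits: int = STATE_BITS) -> tuple:
    """Brent's cycle detection on seed, f(seed), f(f(seed)), ... with f = step.
    Returns (tail, cycle): tail + cycle distinct states are produced before
    the generator falls into its cycle and starts repeating."""
    power = cycle = 1
    tortoise, hare = seed, step(seed, bits)
    while tortoise != hare:
        if power == cycle:          # teleport the tortoise, double the window
            tortoise = hare
            power *= 2
            cycle = 0
        hare = step(hare, bits)
        cycle += 1
    # Cycle length is known; now find where the cycle begins (the tail).
    tortoise = hare = seed
    for _ in range(cycle):
        hare = step(hare, bits)
    tail = 0
    while tortoise != hare:
        tortoise = step(tortoise, bits)
        hare = step(hare, bits)
        tail += 1
    return tail, cycle


def rho_length_by_enumeration(seed: int, bits: int = STATE_BITS) -> tuple:
    """Same quantity by brute force: remember every state until one repeats.
    Memory grows with the period, so this is only a cross-check for small
    state widths; Brent's method above uses O(1) memory."""
    seen = {}
    state, index = seed, 0
    while state not in seen:
        seen[state] = index
        state = step(state, bits)
        index += 1
    first = seen[state]
    return first, index - first


def expected_rho_length(bits: int) -> float:
    """Birthday-paradox estimate for a random function on N = 2**bits points:
    the first repeated state is expected after about sqrt(pi * N / 2) steps,
    i.e. on the order of 2**(bits / 2)."""
    return math.sqrt(math.pi * 2 ** bits / 2)


def average_period(seeds, bits: int = STATE_BITS) -> float:
    """Mean of tail + cycle over several seeds, for comparison with
    expected_rho_length(bits)."""
    return statistics.mean(sum(rho_length(s, bits)) for s in seeds)


if __name__ == "__main__":
    for seed in range(4):
        tail, cycle = rho_length(seed)
        print(f"seed {seed}: tail={tail} cycle={cycle} total={tail + cycle}")
    print(f"average over 16 seeds: {average_period(range(16)):.0f}")
    print(f"birthday estimate for {STATE_BITS} bits: "
          f"{expected_rho_length(STATE_BITS):.0f}")
    print(f"birthday estimate for 160 bits: {expected_rho_length(160):.3e}")
```

Individual seeds vary a lot (the standard deviation of the rho length is comparable to its mean), but the average over a handful of seeds lands near the estimate, and doubling STATE_BITS multiplies the observed period by about sqrt(2) per bit, which is the scaling behind the 2**80 figure in the message.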

