SHA-based subclass for random module
Holger Duerer
H.Duerer at gmx.net
Mon Mar 22 09:46:30 EST 2004
>>>>> "Raymond" == Raymond Hettinger <python at rcn.com> writes:
>> Since the size of plaintext is only 2^53, can't I just
>> calculate all 2^53 md5 values in advance, and invert the output
>> of MD5Random to get MT outputs, then attack MT just like any
>> LFSR?
Raymond> Change the plaintext line to read:
Raymond> plaintxt = str(Random.getrandbits(self, 128))
Raymond> Now, 128 bits of input space gets digested to 128 bits
Raymond> and then only 53 of those bits are used in to compute the
Raymond> float. That should preclude the formation of an
Raymond> inversion table.
I don't know what getrandbits does exactly. But if it uses the normal
PRNG code, doesn't that mean that your plaintext still has only 32
bits of entropy? I.e. if you want to do an inversion lookup table,
you would only have to calculate the 2^32 possible outcomes of this
call and not all 2^128 theoretically possible ones?
Holger
More information about the Python-list
mailing list