Is this secure?

Peter Pearson ppearson at nowhere.invalid
Fri Feb 26 15:17:43 EST 2010


On Wed, 24 Feb 2010 21:02:07 +0100, mk <mrkafk at gmail.com> wrote:
[snip]
>
> rand_str_SystemRandom_seeding
> mean 3845.15384615 std dev 46.2016419186
> l 3926 1.75 std devs away from mean
> y 3916 1.53 std devs away from mean
> d 3909 1.38 std devs away from mean
> a 3898 1.14 std devs away from mean
> p 3898 1.14 std devs away from mean
> c 3889 0.95 std devs away from mean
> u 3884 0.84 std devs away from mean
> j 3873 0.60 std devs away from mean
> n 3873 0.60 std devs away from mean
> w 3866 0.45 std devs away from mean
> x 3863 0.39 std devs away from mean
> r 3855 0.21 std devs away from mean
> m 3852 0.15 std devs away from mean
> b 3841 -0.09 std devs away from mean
> t 3835 -0.22 std devs away from mean
> o 3829 -0.35 std devs away from mean
> k 3827 -0.39 std devs away from mean
> i 3821 -0.52 std devs away from mean
> s 3812 -0.72 std devs away from mean
> q 3806 -0.85 std devs away from mean
> v 3803 -0.91 std devs away from mean
> g 3799 -1.00 std devs away from mean
> h 3793 -1.13 std devs away from mean
> e 3782 -1.37 std devs away from mean
> f 3766 -1.71 std devs away from mean
> z 3758 -1.89 std devs away from mean

Chi2 = 14.43, 25 d.f., prob = 0.046362.
The observed distribution is SIGNIFICANTLY CLOSER
to the uniform distribution than reasonable by chance.

> rand_str_SystemRandom_noseeding
> mean 3845.15384615 std dev 55.670522726
> i 3961 2.08 std devs away from mean
> r 3911 1.18 std devs away from mean
> e 3910 1.16 std devs away from mean
> m 3905 1.08 std devs away from mean
> a 3901 1.00 std devs away from mean
> u 3893 0.86 std devs away from mean
> t 3882 0.66 std devs away from mean
> w 3872 0.48 std devs away from mean
> s 3870 0.45 std devs away from mean
> c 3868 0.41 std devs away from mean
> n 3866 0.37 std devs away from mean
> q 3865 0.36 std devs away from mean
> k 3863 0.32 std devs away from mean
> y 3848 0.05 std devs away from mean
> j 3836 -0.16 std devs away from mean
> v 3830 -0.27 std devs away from mean
> f 3829 -0.29 std devs away from mean
> z 3829 -0.29 std devs away from mean
> g 3827 -0.33 std devs away from mean
> l 3818 -0.49 std devs away from mean
> b 3803 -0.76 std devs away from mean
> d 3803 -0.76 std devs away from mean
> p 3756 -1.60 std devs away from mean
> x 3755 -1.62 std devs away from mean
> h 3744 -1.82 std devs away from mean
> o 3729 -2.09 std devs away from mean

Chi2 = 20.96, 25 d.f., prob = 0.304944.
The observed distribution is not significantly different
from the uniform distribution.

> rand_str_custom
> mean 3517.15384615 std dev 40.7541336343
> i 3586 1.69 std devs away from mean
> a 3578 1.49 std devs away from mean
> e 3575 1.42 std devs away from mean
> m 3570 1.30 std devs away from mean
> q 3562 1.10 std devs away from mean
> c 3555 0.93 std devs away from mean
> g 3552 0.86 std devs away from mean
> w 3542 0.61 std devs away from mean
> p 3536 0.46 std devs away from mean
> x 3533 0.39 std devs away from mean
> s 3528 0.27 std devs away from mean
> o 3524 0.17 std devs away from mean
> d 3516 -0.03 std devs away from mean
> t 3515 -0.05 std devs away from mean
> h 3511 -0.15 std devs away from mean
> v 3502 -0.37 std devs away from mean
> z 3502 -0.37 std devs away from mean
> b 3500 -0.42 std devs away from mean
> f 3496 -0.52 std devs away from mean
> u 3492 -0.62 std devs away from mean
> l 3486 -0.76 std devs away from mean
> r 3478 -0.96 std devs away from mean
> n 3476 -1.01 std devs away from mean
> j 3451 -1.62 std devs away from mean
> k 3450 -1.65 std devs away from mean
> y 3430 -2.14 std devs away from mean

Chi2 = 12.28, 25 d.f., prob = 0.015815.
The observed distribution is SIGNIFICANTLY CLOSER
to the uniform distribution than reasonable by chance.

> It would appear that SystemRandom().choice is indeed best (in terms of 
> how much the counts stray from mean in std devs), but only after seeding 
> it with os.urandom.

I don't see any reason to worry about any of the three, except
perhaps that the first and last are surprisingly uniform.

-- 
To email me, substitute nowhere->spamcop, invalid->net.



More information about the Python-list mailing list