How good is security via hashing
geremy condra
debatem1 at gmail.com
Wed Jun 8 01:25:12 EDT 2011
On Tue, Jun 7, 2011 at 7:30 PM, Paul Rubin <no.email at nospam.invalid> wrote:
> Christian Heimes <lists at cheimes.de> writes:
>> PyCrypto has a strong pseudorandom number generator, too.
>
> If you mean the one at pycrypto.org, that page now says:
>
> Random number generation
>
> Do not use RandomPool to generate random numbers. Use Crypto.Random
> instead. RandomPool is deprecated and will be removed in a future
> release. See this thread to find out why.
On a related note, keyczar just got bitten by this.
> Crypto.Random just uses system randomness, which is the right thing to
> do. It then goes and runs them through a distiller (Fortuna), which
> seems a little bit silly to me, but harmless.
IIRC this is mostly to help deal with the possibility of running on
older Windows machines, where the cryptographic random number service
was of very poor quality.
Geremy Condra
More information about the Python-list
mailing list