Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #75986
| Path | csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder5.xlned.com!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <ian.g.kelly@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.007 |
| X-Spam-Evidence | '*H*': 0.99; '*S*': 0.00; 'output': 0.05; 'django,': 0.09; 'falls': 0.09; 'input,': 0.09; 'subject:language': 0.09; 'subject:string': 0.09; 'python': 0.11; 'creates': 0.14; 'expert,': 0.16; 'fallback': 0.16; 'subject:generation': 0.16; 'subject:random': 0.16; "\xc2\xa0i'm": 0.16; 'wrote:': 0.18; 'input': 0.22; 'aug': 0.22; 'email addr:gmail.com>': 0.22; "i've": 0.25; '>': 0.26; 'required.': 0.27; 'header:In-Reply- To:1': 0.27; 'function': 0.29; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'along': 0.30; "i'm": 0.30; 'though.': 0.31; 'class': 0.32; 'case,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'right?': 0.36; 'being': 0.38; 'to:addr:python-list': 0.38; 'heard': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'skip:u 10': 0.60; 'establish': 0.61; 'back': 0.62; 'more': 0.64; 'burden': 0.68; 'secret': 0.74; 'secret,': 0.84 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=3rbxFo25aMq6tN5nQZvYLK7p+eNldUN3UrnW6vcFAOk=; b=CDgl4Dqasd4lhSFd5KDENWAbsJIHBVeTbfn87zUeo5O0dGFgxZx+XyGZ9hsR02bCoq dsoItJkPlPBCUJf6ojLYWt4OftXhzC5CcYDwX2lMuVSmoYObg+328Jebe+U9mi0uDHg4 z2bDGOhwm8M/lbw6MtL0NdG9Vuerm1vAV/7pjFr9UGBvnBNouh7g/QsdfQi3mycSMeSs O1Ws/ku3YbMRgUq0zxmlixC1538PDzJ5kxlrlTY9bqUoYJ60396kFF3Mt3iXnyVW78fC DuI4vMMoP4hRHlnFxnbObJHEEQmnDERg8ADBEkE6+anrqVskTSRtCjc/iMN6VjYXN+uz DDiw== |
| X-Received | by 10.66.154.234 with SMTP id vr10mr36743383pab.44.1407688736123; Sun, 10 Aug 2014 09:38:56 -0700 (PDT) |
| MIME-Version | 1.0 |
| In-Reply-To | <CABicbJ+iseTxkBOndUn-yRP_5R5eRDXg+_0aHjbCt9LWUJVpqg@mail.gmail.com> |
| References | <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> <CABicbJ+iseTxkBOndUn-yRP_5R5eRDXg+_0aHjbCt9LWUJVpqg@mail.gmail.com> |
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Date | Sun, 10 Aug 2014 10:38:16 -0600 |
| Subject | Re: Template language for random string generation |
| To | Python <python-list@python.org> |
| Content-Type | multipart/alternative; boundary=047d7b6d83b81232c005004913dd |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.12818.1407688739.18130.python-list@python.org> (permalink) |
| Lines | 45 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1407688739 news.xs4all.nl 2916 [2001:888:2000:d::a6]:49317 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:75986 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
On Aug 10, 2014 6:45 AM, "Devin Jeanpierre" <jeanpierreda@gmail.com> wrote: > > * Uses SystemRandom class (if available, or falls back to Random) > > This sounds cryptographically weak. Isn't the normal thing to do to > use a cryptographic hash function to generate a pseudorandom sequence? You mean in the fallback case, right? I'm no crypto expert, but I've never heard of SystemRandom being contra-recommended for crypto, and even the Python docs recommend it. The output of even a cryptographically strong hash isn't going to have any more entropy than the input, so if the input is predictable then the output will be also. One approach I'm aware of, which is used by Django, is to hash the RNG state along with the time and a local secret In order to reseed the RNG unpredictably whenever randomness is required. That creates a configuration burden in order to establish the secret, though.
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 02:01 -0700
Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-08 19:22 +1000
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 02:42 -0700
Re: Template language for random string generation Ned Batchelder <ned@nedbatchelder.com> - 2014-08-08 07:20 -0400
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 06:02 -0700
Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-08 21:29 +1000
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 06:03 -0700
Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-09 00:08 +1000
Re: Template language for random string generation Skip Montanaro <skip@pobox.com> - 2014-08-08 09:35 -0500
Re: Template language for random string generation cwolf.algo@gmail.com - 2014-08-08 11:43 -0700
Re: Template language for random string generation Nick Cash <nick.cash@npcinternational.com> - 2014-08-08 20:28 +0000
Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-08 16:03 -0600
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-08 23:52 -0700
Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-09 01:49 -0600
Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-09 01:57 -0600
Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 05:43 -0700
Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-11 02:31 +1000
Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 11:28 -0700
Re: Template language for random string generation Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-11 12:22 +1000
Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-11 12:31 +1000
Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-11 00:01 -0700
Re: Template language for random string generation Chris Angelico <rosuav@gmail.com> - 2014-08-11 05:25 +1000
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 22:06 -0700
Re: Template language for random string generation Mark Lawrence <breamoreboy@yahoo.co.uk> - 2014-08-11 08:58 +0100
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 09:34 -0700
Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-10 10:47 -0600
Re: Template language for random string generation Paul Wolf <paulwolf333@gmail.com> - 2014-08-10 21:56 -0700
Re: Template language for random string generation Devin Jeanpierre <jeanpierreda@gmail.com> - 2014-08-10 11:48 -0700
Re: Template language for random string generation Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-10 10:38 -0600
csiph-web