Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #7146

Re: How good is security via hashing

Show all headers | View raw

On 07/06/2011 11:26, Nitin Pawar wrote:
> Have you tried using UUID module?
>
> Its pretty handy and comes with base64 encoding function which gives
> extremely high quality randon strings
>
> ref:
> http://stackoverflow.com/questions/621649/python-and-random-keys-of-21-char-max
......
I didn't actually ask for a suitable method for doing this; I assumed that Tim 
Peters' algorithm (at least I think he's behind most of the python random 
support) is pretty good so that the bits produced are indeed fairly good 
approximations to random.

I guess what I'm asking is whether any sequence that's using random to generate 
random numbers is predictable if enough samples are drawn. In this case assuming 
that fastcgi is being used can I observe a sequence of generated numbers and 
work out the state of the generator. If that is possible then the sequence 
becomes deterministic and such a scheme is useless. If I use cgi then we're 
re-initializing the sequence hopefully using some other unrelated randomness for 
each number.

Uuid apparently uses machine internals etc etc to try and produce randomness, 
but urandom and similar can block so are probably not entirely suitable.
-- 
Robin Becker

Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread

Thread

Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 12:35 +0100
  Re: How good is security via hashing Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-06-07 04:42 -0700
    Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 13:07 +0100

csiph-web