Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #7146
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!selfless.tophat.at!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.001 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; '(at': 0.03; 'bits': 0.07; 'python': 0.08; 'assumed': 0.09; 'base64': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'wrote:': 0.14; 'handy': 0.16; 'module?': 0.16; 'nitin': 0.16; "peters'": 0.16; 'predictable': 0.16; 'random.': 0.16; 'subject:security': 0.16; 'suitable.': 0.16; 'useless.': 0.16; 'algorithm': 0.16; 'hopefully': 0.16; 'guess': 0.19; 'header:In-Reply-To:1': 0.21; 'function': 0.25; 'produced': 0.26; 'tried': 0.27; "i'm": 0.27; 'random': 0.28; "he's": 0.29; 'least': 0.30; 'subject:How': 0.30; 'fairly': 0.30; 'observe': 0.30; 'support)': 0.30; "didn't": 0.31; 'header:X -Complaints-To:1': 0.32; 'to:addr:python-list': 0.33; 'actually': 0.33; 'asking': 0.33; 'machine': 0.33; "we're": 0.34; 'header :User-Agent:1': 0.35; 'using': 0.35; 'probably': 0.36; 'uses': 0.36; 'similar': 0.37; 'assuming': 0.37; 'sequence': 0.37; 'case': 0.37; 'extremely': 0.37; 'pretty': 0.37; 'think': 0.38; 'received:org': 0.38; 'but': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'doing': 0.39; 'header:Mime-Version:1': 0.39; 'to:addr:python.org': 0.39; 'entirely': 0.40; 'generate': 0.60; 'high': 0.67; 'ref:': 0.67; 'quality': 0.74; '.......': 0.84; 'robin': 0.84; 'subject:good': 0.93 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| To | python-list@python.org |
| From | Robin Becker <robin@reportlab.com> |
| Subject | Re: How good is security via hashing |
| Date | Tue, 07 Jun 2011 12:35:21 +0100 |
| References | <4DEDFAEB.4050006@chamonix.reportlab.co.uk> <BANLkTinRJpe6zQ5EYVYXxjfc+ue=Gh-4JA@mail.gmail.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1; format=flowed |
| Content-Transfer-Encoding | 7bit |
| X-Gmane-NNTP-Posting-Host | fpc2-nmal8-0-0-cust4.croy.static.cable.virginmedia.com |
| User-Agent | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 |
| In-Reply-To | <BANLkTinRJpe6zQ5EYVYXxjfc+ue=Gh-4JA@mail.gmail.com> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2526.1307446540.9059.python-list@python.org> (permalink) |
| Lines | 27 |
| NNTP-Posting-Host | 82.94.164.166 |
| X-Trace | 1307446540 news.xs4all.nl 49046 [::ffff:82.94.164.166]:43582 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:7146 |
Show key headers only | View raw
On 07/06/2011 11:26, Nitin Pawar wrote: > Have you tried using UUID module? > > Its pretty handy and comes with base64 encoding function which gives > extremely high quality randon strings > > ref: > http://stackoverflow.com/questions/621649/python-and-random-keys-of-21-char-max ...... I didn't actually ask for a suitable method for doing this; I assumed that Tim Peters' algorithm (at least I think he's behind most of the python random support) is pretty good so that the bits produced are indeed fairly good approximations to random. I guess what I'm asking is whether any sequence that's using random to generate random numbers is predictable if enough samples are drawn. In this case assuming that fastcgi is being used can I observe a sequence of generated numbers and work out the state of the generator. If that is possible then the sequence becomes deterministic and such a scheme is useless. If I use cgi then we're re-initializing the sequence hopefully using some other unrelated randomness for each number. Uuid apparently uses machine internals etc etc to try and produce randomness, but urandom and similar can block so are probably not entirely suitable. -- Robin Becker
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 12:35 +0100
Re: How good is security via hashing Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-06-07 04:42 -0700
Re: How good is security via hashing Robin Becker <robin@reportlab.com> - 2011-06-07 13:07 +0100
csiph-web