Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #7199 > unrolled thread
| Started by | Christian Heimes <lists@cheimes.de> |
|---|---|
| First post | 2011-06-08 00:08 +0200 |
| Last post | 2011-06-07 22:25 -0700 |
| Articles | 3 — 3 participants |
Back to article view | Back to comp.lang.python
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: How good is security via hashing Christian Heimes <lists@cheimes.de> - 2011-06-08 00:08 +0200
Re: How good is security via hashing Paul Rubin <no.email@nospam.invalid> - 2011-06-07 19:30 -0700
Re: How good is security via hashing geremy condra <debatem1@gmail.com> - 2011-06-07 22:25 -0700
| From | Christian Heimes <lists@cheimes.de> |
|---|---|
| Date | 2011-06-08 00:08 +0200 |
| Subject | Re: How good is security via hashing |
| Message-ID | <mailman.8.1307484500.11593.python-list@python.org> |
Am 07.06.2011 20:26, schrieb Terry Reedy: > On 6/7/2011 7:35 AM, Robin Becker wrote: > >> I guess what I'm asking is whether any sequence that's using random to >> generate random numbers is predictable if enough samples are drawn. > > Apparently so. random.random is *not* 'cryptographically secure'. > https://secure.wikimedia.org/wikipedia/en/wiki/Cryptographically_secure_pseudorandom_number_generator > > One of Python's crypto wrapper modules (sorry, forget which one) was > recently modified to expose the crypto rng functions in the wrapped C > library. It should be mentioned in What New for 3.3. You might be able > to get at the same functions with ctypes. PyCrypto has a strong pseudorandom number generator, too.
[toc] | [next] | [standalone]
| From | Paul Rubin <no.email@nospam.invalid> |
|---|---|
| Date | 2011-06-07 19:30 -0700 |
| Message-ID | <7x39jl6on1.fsf@ruckus.brouhaha.com> |
| In reply to | #7199 |
Christian Heimes <lists@cheimes.de> writes:
> PyCrypto has a strong pseudorandom number generator, too.
If you mean the one at pycrypto.org, that page now says:
Random number generation
Do not use RandomPool to generate random numbers. Use Crypto.Random
instead. RandomPool is deprecated and will be removed in a future
release. See this thread to find out why.
Crypto.Random just uses system randomness, which is the right thing to
do. It then goes and runs them through a distiller (Fortuna), which
seems a little bit silly to me, but harmless.
[toc] | [prev] | [next] | [standalone]
| From | geremy condra <debatem1@gmail.com> |
|---|---|
| Date | 2011-06-07 22:25 -0700 |
| Message-ID | <mailman.16.1307510716.11593.python-list@python.org> |
| In reply to | #7206 |
On Tue, Jun 7, 2011 at 7:30 PM, Paul Rubin <no.email@nospam.invalid> wrote: > Christian Heimes <lists@cheimes.de> writes: >> PyCrypto has a strong pseudorandom number generator, too. > > If you mean the one at pycrypto.org, that page now says: > > Random number generation > > Do not use RandomPool to generate random numbers. Use Crypto.Random > instead. RandomPool is deprecated and will be removed in a future > release. See this thread to find out why. On a related note, keyczar just got bitten by this. > Crypto.Random just uses system randomness, which is the right thing to > do. It then goes and runs them through a distiller (Fortuna), which > seems a little bit silly to me, but harmless. IIRC this is mostly to help deal with the possibility of running on older Windows machines, where the cryptographic random number service was of very poor quality. Geremy Condra
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.python
csiph-web