[Python-ideas] Should our default random number generator be secure?
Tim Peters
tim.peters at gmail.com
Wed Sep 9 20:16:29 CEST 2015
More information about the Python-ideas mailing list
Wed Sep 9 20:16:29 CEST 2015
- Previous message (by thread): [Python-ideas] Should our default random number generator be secure?
- Next message (by thread): [Python-ideas] Should our default random number generator be secure?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Stefan Krah <skrah at bytereef.org>] > From Theo's forwarded mail I also got the impression that he wanted > us to use OpenBSD code to implement our own CSPRNG, use that for > the default functions in the random module and add new functions > for reproducible random numbers that use the MT. I read it the same way on all counts. > My intuition is that if someone just uses a random() function > without checking if it's cryptographically secure then the > application will probably have other holes as well. I mean, > for example no one is going to use C's rand() function for crypto. Yes, if they're not checking the random() docs first, they're a total crypto moron - in which case it's insane to believe they'll do anything else related to crypto-strength requirements right either. It's hard to make something idiot-proof even if your target audience is bona fide crypto experts ;-)
- Previous message (by thread): [Python-ideas] Should our default random number generator be secure?
- Next message (by thread): [Python-ideas] Should our default random number generator be secure?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-ideas mailing list