Re: Should our default random number generator be secure?
[Posted September 15, 2015 by jake]
From: Paul Moore <p.f.moore-Re5JQEeQqe8AvxtiuMwx3w-AT-public.gmane.org>
To: Stefan Krah <skrah-hxoPIKlzWzNg9hUCZPvPmw-AT-public.gmane.org>
Subject: Re: Should our default random number generator be secure?
Date: Wed, 9 Sep 2015 21:04:32 +0100
Message-ID: <CACac1F-AOgb-oZYK47rMxcj1RMVdJ4QuyX+KNG5WXUy=XkOe6g@mail.gmail.com>
Cc: Python-Ideas <python-ideas-+ZN9ApsXKcEdnm+yROfE0A-AT-public.gmane.org>
On 9 September 2015 at 20:33, Stefan Krah <skrah-hxoPIKlzWzNg9hUCZPvPmw@public.gmane.org> wrote:
> Steven D'Aprano <steve@...> writes:
>> Question, aimed at anyone, not necessarily random832 -- one desirable
>> property of PRNGs is that you can repeat a sequence of values if you
>> re-seed with a known value. Does arc4random keep that property? I think
>> that it is important that the default RNG be deterministic when given a
>> known seed. (I'm happy for the default seed to be unpredictable.)
>
> I think the removal of MT wasn't proposed (at least not by Theo).
> So we'd still have deterministic sequences in addition to
> arc4random.
I use a RNG quite often. Typically for simulations (games, dice rolls,
card draws, that sort of thing). Sometimes for many millions of
results (Monte Carlo simulations, for example). I would always just
use the default RNG supplied by the stdlib - I view my use case as
"normal use" and wouldn't go looking for specialist answers. I'd
occasionally look for reproducibility, although it's not often a key
requirement for me (I would expect it as an option from the stdlib
RNG, though).
Anyone doing crypto who doesn't fully appreciate that it's a
specialist subject and that they should be looking for a dedicated RNG
suitable for crypto, is probably going to make a lot of *other*
mistakes as well. Leading them away from this one probably isn't going
to be enough to make their code something I'd want to use...
So as a user, I'm against making a change like this. Let the default
RNG in the stdlib be something suitable for simulations, "pick a
random question", and similar situations, and provide a crypto-capable
RNG for those who need it, but not as the default. (I am, of course,
assuming that it's not possible to have a single RNG that is the best
option for both uses - nobody on this thread seems to have suggested
that I'm wrong in this assumption).
Paul
_______________________________________________
Python-ideas mailing list
Python-ideas-+ZN9ApsXKcEdnm+yROfE0A@public.gmane.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
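The split Paul describes, a seedable deterministic generator for simulations and a separate crypto-capable generator for secrets, is how Python's stdlib already lays things out. The following is an added example written for this archive page, not code from the thread or from CPython: it shows that `random.Random(seed)` replays the same dice rolls and Monte Carlo estimate for a given seed, while `random.SystemRandom` ignores `seed()` entirely and `secrets` is the module to reach for when a value must be unpredictable. The function names and the sample seeds are my own choices.

```python
import random
import secrets


def seeded_rolls(seed, n, sides=6):
    """Simulate n dice rolls from a private Mersenne Twister instance seeded
    with `seed`. The same seed always yields the same sequence, which is the
    reproducibility property the thread asks about."""
    rng = random.Random(seed)
    return [rng.randint(1, sides) for _ in range(n)]


def is_reproducible(seed, n=20):
    """True when two independent generators built from the same seed agree."""
    return seeded_rolls(seed, n) == seeded_rolls(seed, n)


def monte_carlo_pi(seed, samples):
    """Estimate pi by sampling points in the unit square; a fixed seed makes
    the simulation result repeatable for debugging and regression tests."""
    rng = random.Random(seed)
    inside = 0
    for _ in range(samples):
        x, y = rng.random(), rng.random()
        if x * x + y * y <= 1.0:
            inside += 1
    return 4.0 * inside / samples


def pick_question(questions, seed=None):
    """'Pick a random question': the default generator is the right tool
    here, and an optional seed makes the pick repeatable when needed."""
    rng = random.Random(seed)
    return rng.choice(questions)


def session_token(nbytes=32):
    """A value that must be unguessable (session id, reset token): use the
    `secrets` module, which draws from the OS entropy source, never the
    seedable default generator."""
    return secrets.token_hex(nbytes)


def system_rng_ignores_seed():
    """SystemRandom.seed() is documented as a no-op, so reseeding does not
    replay the stream: the crypto-capable source is deliberately not
    reproducible. Returns True when two 'reseeded' draws differ."""
    rng = random.SystemRandom()
    rng.seed(12345)
    first = [rng.randrange(10 ** 9) for _ in range(4)]
    rng.seed(12345)
    second = [rng.randrange(10 ** 9) for _ in range(4)]
    return first != second


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    print("rolls:", seeded_rolls(42, 10))
    print("reproducible:", is_reproducible(42))
    print("pi estimate:", monte_carlo_pi(7, 50_000))
    print("question:", pick_question(["Q1", "Q2", "Q3"], seed=3))
    print("token:", session_token())
    print("SystemRandom ignores seed:", system_rng_ignores_seed())
```

The practical rule this encodes: anything whose output feeds a simulation, a test, or a game wants `random.Random` with an explicit seed so a run can be replayed; anything whose output an attacker would benefit from predicting wants `secrets`, where the absence of a working `seed()` is the feature.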