
Author lemburg
Recipients Arfrever, alex, dstufft, ezio.melotti, lemburg, mark.dickinson, neologix, pitrou, rhettinger, tim.peters, vstinner
Date 2014-05-13.09:48:14
Message-id <5371EA5A.9080801@egenix.com>
In-reply-to <1399971990.68.0.594554717471.issue21470@psf.upfronthosting.co.za>
Content
On 13.05.2014 11:06, Antoine Pitrou wrote:
> 
> Is ~/.rnd any kind of serious? It hasn't been modified for two weeks on my system (which is rebooted every day).

The file is apparently only updated if you use one of the OpenSSL commands
which need random data. grep for "RAND_write_file" in the apps/ subdir
of the OpenSSL distribution. Of course, applications can also use that API,
so there may be other situations where it gets updated as well.

However, when removing that file, OpenSSL still only reads 32 bytes from
/dev/urandom, which suggests that it's either using some other sources
of randomness as well (there are some timing tricks being used in the
code for this), or (more likely) simply doesn't need more random
bytes to start with.

So while the file does have some meaning, it's not what I had thought
it would be.

Here's a more likely explanation:

The OpenSSL random number source only works with hash
function feedback and random data that gets added to it. It's not
a PRNG with provable characteristics.

OpenSSL uses SHA-1 for hashing which has a 20 byte digest size, so an
initial vector of 32 bytes is a good start (though more are always
better ;-)):

http://en.wikipedia.org/wiki/Randomness_extractor

That said and coming back to the question why 32 bytes are enough for
OpenSSL: the OpenSSL RNG is being seeded with a seed from the
full range of possible values (160 bits). Its period is a lot smaller
than the MT one (19937 bits), which is why fewer random bytes are
needed.
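
Added example, not part of the original message and not OpenSSL's code: a simplified Python model of the "hash function feedback plus added random data" design the message describes, showing that any amount of seed material collapses into a 160-bit SHA-1 state. The class name `HashFeedbackPool`, the helper `stream` and the mixing layout are assumptions made for illustration.

```python
import hashlib
import os

DIGEST_SIZE = hashlib.sha1().digest_size  # 20 bytes = 160 bits


class HashFeedbackPool:
    """Toy hash-feedback generator (illustrative model, not OpenSSL's code)."""

    def __init__(self):
        self.state = bytes(DIGEST_SIZE)
        self.counter = 0

    def add(self, data: bytes) -> None:
        # Mixing: new state = SHA-1(old state || added data).
        # However long `data` is, the state stays 160 bits wide.
        self.state = hashlib.sha1(self.state + data).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            ctr = self.counter.to_bytes(8, "big")
            # Output is derived from the state; the state itself is never emitted.
            out += hashlib.sha1(b"out" + self.state + ctr).digest()
            # Feedback: the state advances through the hash after every block.
            self.state = hashlib.sha1(b"fb" + self.state + ctr).digest()
        return out[:n]


def stream(seed: bytes, n: int = 64, extra: bytes = b"") -> bytes:
    """Seed a fresh pool, optionally add more data, and read n bytes."""
    pool = HashFeedbackPool()
    pool.add(seed)
    if extra:
        pool.add(extra)
    return pool.read(n)


if __name__ == "__main__":
    seed = os.urandom(32)  # the amount the message saw read from /dev/urandom
    print("state bits:", DIGEST_SIZE * 8)
    print("same seed, same stream:", stream(seed) == stream(seed))
    print("added data changes stream:", stream(seed) != stream(seed, extra=b"x"))
```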