
Author: dstufft
Recipients: christian.heimes, dstufft, martin.panter, tim.peters, vstinner
Date: 2016-06-09 04:05:03
SpamBayes Score: -1.0
Marked as misclassified: Yes
Message-id: <1465445103.87.0.603992360423.issue27272@psf.upfronthosting.co.za>
In-reply-to:
Content:
Tim,

If MT is used in any of the security sensitive contexts that paper mentions, then it doesn't matter if you seed it with a static zero or a billion bytes read from the purest of purestrain randomness, your application is broken. In other words, it doesn't matter what we seed it with, random.py (outside of SystemRandom) is vulnerable to everything said in that paper.

It took me 5 minutes of googling to find https://github.com/fx5/not_random, which took 22 minutes on my iMac to generate my own copy of its `magic_data` file, and then 15 seconds to clone the state of the MT using nothing but the output of it. This was on CPython 2.7.11 where MT is seeded with 2500 bytes off urandom.

Surely we're not making engineering trade-offs based off whether or not someone who doesn't understand the difference between a CSPRNG and a PRNG would make fun of us for not using a CSPRNG where it's not needed.
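The point being made above, that seeding quality is irrelevant because MT19937's state is fully recoverable from 624 consecutive 32-bit outputs, can be shown directly. This is an added illustration for readers of the thread, not code from the message or from the not_random project; it assumes CPython's `random` module (whose `getrandbits(32)` returns one raw tempered state word) and uses a constructed seed.

```python
import random
import secrets

N = 624  # MT19937 state size in 32-bit words

def temper(x):
    """CPython's MT19937 output tempering (genrand_uint32), for reference."""
    x ^= x >> 11
    x ^= (x << 7) & 0x9D2C5680
    x ^= (x << 15) & 0xEFC60000
    x ^= x >> 18
    return x & 0xFFFFFFFF

def untemper(y):
    """Invert temper(): every step is an invertible xor-shift."""
    y ^= y >> 18
    y ^= (y << 15) & 0xEFC60000
    x = y
    for _ in range(4):           # recover 7 more bits per pass, low bits first
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y
    for _ in range(3):           # recover 11 more bits per pass, high bits first
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF

def clone_mt(outputs):
    """Build a Random whose future outputs equal the observed generator's."""
    if len(outputs) != N:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    clone.setstate((3, state + (N,), None))   # index N forces a twist on next draw
    return clone

def cloning_succeeds(seed, skip=100, check=16):
    """True if 624 observed outputs let the clone predict the next `check` draws.
    The generator is seeded like CPython's default (os.urandom-sized material)
    and `skip` draws are discarded first to show alignment does not matter."""
    victim = random.Random(seed)
    for _ in range(skip):
        victim.getrandbits(32)
    observed = [victim.getrandbits(32) for _ in range(N)]
    clone = clone_mt(observed)
    predicted = [clone.getrandbits(32) for _ in range(check)]
    return predicted == [victim.getrandbits(32) for _ in range(check)]

if __name__ == "__main__":
    print("clone predicts MT:", cloning_succeeds(secrets.token_bytes(2500)))
```

Because the result holds for any seed, the only fix for token or nonce generation is `random.SystemRandom` or the `secrets` module, not more seed entropy.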