Message268051
Ah! Yes, .getrandbits(N) outputs remain vulnerable to equation-solving in Python 3, for any value of N. I haven't seen any code where that matters (may be "a security hole"), but would bet some _could_ be found.
There's no claim of absolute security here. To the contrary. What I'm opposed to is making _all_ naive code vulnerable to easy script-kiddie brute force attacks against lame seeding.
The kinds of things people _were_ jumping up & down about were the many instances of stuff like this on the web:
https://stackoverflow.com/questions/3854692/generate-password-in-python
Again, I'd be impressed if you could write code under Python 3 to deduce the MT state from any number of outputs from his naive approach in reasonable time. Of course he should be using urandom() instead (as an unaccepted answer urges) - but much code plain doesn't, and in Python 3 it's resistant to any attack the PHP paper exposed.
Make seeding lame again, and the easiest attacks can succeed again (the equation-solving stuff remains a footnote to me). |
|
Date |
User |
Action |
Args |
2016-06-09 18:43:47 | tim.peters | set | recipients:
+ tim.peters, vstinner, christian.heimes, martin.panter, dstufft |
2016-06-09 18:43:47 | tim.peters | set | messageid: <1465497827.75.0.98604769367.issue27272@psf.upfronthosting.co.za> |
2016-06-09 18:43:47 | tim.peters | link | issue27272 messages |
2016-06-09 18:43:47 | tim.peters | create | |
|