classification
Title: crypt.mksalt: use ssl.RAND_pseudo_bytes() if available
Type: Stage:
Components: Extension Modules Versions: Python 3.3
process
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: Nosy List: jafo, vstinner
Priority: normal Keywords:

Created on 2011-08-30 14:41 by vstinner, last changed 2013-01-03 02:08 by vstinner. This issue is now closed.

Messages (2)
msg143215 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2011-08-30 14:41
A salt doesn't need to be strong random bits, but I'm not sure that Mersenne Twister is a best candidate to generate salt. It would be nice to use ssl.RAND_pseudo_bytes() if available.

Problem: implement random.choice() from a generator generating bytes => see issue #12754.
msg178899 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-01-03 02:08
I'm not sure that a salt must be cryptographic. Mersenne Twister should be enough to generate a salt.

Anyway, ssl.RAND_pseudo_bytes() cannot be used currently and I don't have a patch, so I prefer to close this issue.
History
Date User Action Args
2013-01-03 02:08:22vstinnersetstatus: open -> closed
resolution: rejected
messages: + msg178899
2011-08-30 14:42:44eric.araujosetnosy: + jafo
2011-08-30 14:41:17vstinnercreate