
Author christian.heimes
Recipients christian.heimes, ymaryshev
Date 2012-10-10.11:39:28
Message-id <1349869168.62.0.485759742567.issue16184@psf.upfronthosting.co.za>
In-reply-to
Content
I don't see a problem here. It's a well-known and documented fact that a PRNG like a Mersenne-Twister must not be used for any cryptographic purpose. Most of the random module is designed to be deterministic. The global instance even keeps its state after fork(). It's really not a security issue but a feature.

http://docs.python.org/library/random.html
---
The Mersenne Twister is one of the most extensively tested random number generators in existence. However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes.
---

The os.urandom() function and random.SystemRandom class are designed to create cryptographically strong random data that can be used for most purposes except for long lived crypto keys like SSL certs.
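
Added example, not part of the message above: a Unix-only sketch of the behaviour the message describes, comparing what a Mersenne Twister generator and random.SystemRandom produce in a parent and a forked child. The helper names and the seed 16184 are constructed for illustration.

```python
import os
import random

def draw_in_child(rng, n=4):
    """Fork, let the child draw n 32-bit values from rng, and return them."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: it holds a copy of rng's internal state from the parent.
        os.close(r)
        data = ",".join(str(rng.getrandbits(32)) for _ in range(n))
        os.write(w, data.encode())
        os._exit(0)
    os.close(w)
    with os.fdopen(r) as f:
        out = f.read()
    os.waitpid(pid, 0)
    return [int(x) for x in out.split(",")]

def compare(rng, n=4):
    """Return (child_values, parent_values) drawn after the same fork."""
    child = draw_in_child(rng, n)
    parent = [rng.getrandbits(32) for _ in range(n)]
    return child, parent

def demo():
    # Explicit instance: Python 3.7+ reseeds only the module-level
    # instance in the child, so random.Random objects you create still
    # carry their state across fork().
    mt = random.Random(16184)  # constructed seed
    mt_child, mt_parent = compare(mt)

    # SystemRandom has no state of its own; every call reads the OS CSPRNG.
    sr = random.SystemRandom()
    sr_child, sr_parent = compare(sr)

    return mt_child == mt_parent, sr_child == sr_parent

if __name__ == "__main__":
    same_mt, same_sr = demo()
    print("Mersenne Twister identical in parent and child:", same_mt)
    print("SystemRandom identical in parent and child:", same_sr)
```

For tokens, session ids or nonces generated in pre-forking servers, draw from os.urandom(), random.SystemRandom or the secrets module rather than a Mersenne Twister instance.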