Message 172583 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	georg.brandl
Recipients	christian.heimes, georg.brandl, ymaryshev
Date	2012-10-10.15:04:41
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1349881481.96.0.0640242680224.issue16184@psf.upfronthosting.co.za>
In-reply-to

Content
> 1. In spite of the fact that MT states are initialized correctly, > there is a practical method to exploit the vulnerability because of > Python web framework peculiarities. What does this mean exactly? If it means that this predictability can be used for attacks on web frameworks because they assume cryptographic strength of random numbers, please report it to those frameworks' security channels, e.g. security@djangoproject.com.

> 1. In spite of the fact that MT states are initialized correctly,
> there is a practical method to exploit the vulnerability because of
> Python web framework peculiarities.

What does this mean exactly?  If it means that this predictability can
be used for attacks on web frameworks because they assume cryptographic
strength of random numbers, please report it to those frameworks' 
security channels, e.g. security@djangoproject.com.

History
Date	User	Action	Args
2012-10-10 15:04:41	georg.brandl	set	recipients: + georg.brandl, christian.heimes, ymaryshev
2012-10-10 15:04:41	georg.brandl	set	messageid: <1349881481.96.0.0640242680224.issue16184@psf.upfronthosting.co.za>
2012-10-10 15:04:41	georg.brandl	link	issue16184 messages
2012-10-10 15:04:41	georg.brandl	create