Message 267955
Tim,
If MT is used in any of the security sensitive contexts that paper mentions, then it doesn't matter if you seed it with a static zero or a billion bytes read from the purest of purestrain randomness, your application is broken. In other words, it doesn't matter what we seed it with, random.py (outside of SystemRandom) is vulnerable to everything said in that paper.
It took me 5 minutes of googling to find https://github.com/fx5/not_random, which took 22 minutes on my iMac to generate my own copy of its `magic_data` file, and then 15 seconds to clone the state of the MT using nothing but the output of it. This was on CPython 2.7.11 where MT is seeded with 2500 bytes off urandom.
Surely we're not making engineering trade-offs based off whether or not someone who doesn't understand the difference between a CSPRNG and a PRNG would make fun of us for not using a CSPRNG where it's not needed.
Date | User | Action | Args
2016-06-09 04:05:03 | dstufft | set | recipients: + dstufft, tim.peters, vstinner, christian.heimes, martin.panter
2016-06-09 04:05:03 | dstufft | set | messageid: <1465445103.87.0.603992360423.issue27272@psf.upfronthosting.co.za>
2016-06-09 04:05:03 | dstufft | link | issue27272 messages
2016-06-09 04:05:03 | dstufft | create |
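A self-contained illustration of the point made in the message above, added here and not taken from the thread or from the not_random project: it recovers the MT19937 state from 624 consecutive `getrandbits(32)` outputs of a urandom-seeded `random.Random()` and predicts the values that follow, regardless of how the generator was seeded, which is why only `SystemRandom` or `secrets` belong in token generation. The function names `temper`, `untemper`, `predict` and `demo` are my own.

```python
import random

N, M = 624, 397          # MT19937 state length and the "middle word" offset
MASK32 = 0xFFFFFFFF

def temper(y: int) -> int:
    """MT19937 output tempering: raw state word -> value getrandbits(32) returns."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    return (y ^ (y >> 18)) & MASK32

def untemper(y: int) -> int:
    """Invert temper(); each step is a bijection on 32-bit words, so nothing is lost."""
    y ^= y >> 18                          # shift >= 16: one round undoes it
    y ^= (y << 15) & 0xEFC60000           # masked bits never overlap: one round
    x = y
    for _ in range(4):                    # 7-bit shift: ceil(32/7)-1 rounds
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    for _ in range(2):                    # 11-bit shift: ceil(32/11)-1 rounds
        x = y ^ (x >> 11)
    return x & MASK32

def predict(outputs: list, count: int = 1) -> list:
    """Given any 624 consecutive getrandbits(32) values (any alignment), return the next `count`."""
    if len(outputs) < N:
        raise ValueError("need at least 624 consecutive 32-bit outputs")
    w = [untemper(o) for o in outputs[-N:]]   # recover raw words x_k .. x_{k+623}
    out = []
    for _ in range(count):
        # MT19937 recurrence: x_{k+624} = x_{k+397} ^ ((x_k & upper | x_{k+1} & lower) >> 1) ^ a
        y = (w[0] & 0x80000000) | (w[1] & 0x7FFFFFFF)
        nxt = w[M] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
        w = w[1:] + [nxt]
        out.append(temper(nxt))
    return out

def demo(seed=None, skip: int = 100) -> bool:
    """Seed as CPython does (None -> os.urandom), burn `skip` outputs, leak 624, predict 5."""
    victim = random.Random(seed)
    for _ in range(skip):                 # leaked values need not start at a twist boundary
        victim.getrandbits(32)
    leaked = [victim.getrandbits(32) for _ in range(N)]
    guessed = predict(leaked, 5)
    actual = [victim.getrandbits(32) for _ in range(5)]
    # Contrast: random.SystemRandom() / secrets.token_hex() read the OS CSPRNG and
    # expose no recoverable state, which is the fix for anything security sensitive.
    return guessed == actual
```

`demo()` returns True whether the generator was seeded from urandom, from a constant, or from any offset into the stream; the seed never enters into it.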