This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author tim.peters
Recipients christian.heimes, dstufft, martin.panter, tim.peters, vstinner
Date 2016-06-09.18:43:47
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Ah!  Yes, .getrandbits(N) outputs remain vulnerable to equation-solving in Python 3, for any value of N.  I haven't seen any code where that matters (may be "a security hole"), but would bet some _could_ be found.

There's no claim of absolute security here.  To the contrary.  What I'm opposed to is making _all_ naive code vulnerable to easy script-kiddie brute force attacks against lame seeding.

The kinds of things people _were_ jumping up & down about were the many instances of stuff like this on the web:

Again, I'd be impressed if you could write code under Python 3 to deduce the MT state from any number of outputs from his naive approach in reasonable time.  Of course he should be using urandom() instead (as an unaccepted answer urges) - but much code plain doesn't, and in Python 3 it's resistant to any attack the PHP paper exposed.

Make seeding lame again, and the easiest attacks can succeed again (the equation-solving stuff remains a footnote to me).
Date User Action Args
2016-06-09 18:43:47tim.peterssetrecipients: + tim.peters, vstinner, christian.heimes, martin.panter, dstufft
2016-06-09 18:43:47tim.peterssetmessageid: <>
2016-06-09 18:43:47tim.peterslinkissue27272 messages
2016-06-09 18:43:47tim.peterscreate