Message 268137 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	tim.peters
Recipients	christian.heimes, dstufft, martin.panter, rhettinger, tim.peters, vstinner
Date	2016-06-10.18:15:45
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1465582545.97.0.559618631992.issue27272@psf.upfronthosting.co.za>
In-reply-to

Content
Raymond, while I'm in general agreement with you, note that urandom() doesn't deliver "random" bytes to begin with. A CSPRNG is still a PRNG. For example, if the underlying urandom() generator is ChaCha20, _it_ has "only" 512 bits of state. Seeding the Twister with 2500 bytes from urandom() far exceeds the maximum possible entropy that ChaCha20's comparatively tiny 64 bytes of state can deliver (but, yes, I'm ignoring the possibility that a good urandom() implementation may fold in fresh entropy during the time MT sucks out those 2500 bytes - nevertheless, MT's state is far larger). That's why I said earlier I could live with seeding from 128 bytes - twice the size of a currently trendy urandom() implementation's state. But I'll be happiest if nothing changes here (given that Guido ruled yesterday that Python's current urandom() implementation has to be reverted to once again match Linux's non-blocking urandom() behavior).

Raymond, while I'm in general agreement with you, note that urandom() doesn't deliver "random" bytes to begin with.  A CSPRNG is still a PRNG.

For example, if the underlying urandom() generator is ChaCha20, _it_ has "only" 512 bits of state.  Seeding the Twister with 2500 bytes from urandom() far exceeds the maximum possible entropy that ChaCha20's comparatively tiny 64 bytes of state can deliver (but, yes, I'm ignoring the possibility that a good urandom() implementation may fold in fresh entropy during the time MT sucks out those 2500 bytes - nevertheless, MT's state is far larger).

That's why I said earlier I could live with seeding from 128 bytes - twice the size of a currently trendy urandom() implementation's state.

But I'll be happiest if nothing changes here (given that Guido ruled yesterday that Python's current urandom() implementation has to be reverted to once again match Linux's non-blocking urandom() behavior).

History
Date	User	Action	Args
2016-06-10 18:15:46	tim.peters	set	recipients: + tim.peters, rhettinger, vstinner, christian.heimes, martin.panter, dstufft
2016-06-10 18:15:45	tim.peters	set	messageid: <1465582545.97.0.559618631992.issue27272@psf.upfronthosting.co.za>
2016-06-10 18:15:45	tim.peters	link	issue27272 messages
2016-06-10 18:15:45	tim.peters	create