[Python-Dev] RNG in the core

Antoine Pitrou solipsis at pitrou.net
Tue Jan 3 22:20:53 CET 2012


On Tue, 3 Jan 2012 22:17:06 +0100 Victor Stinner <victor.stinner at gmail.com> wrote:

A randomized hash doesn't need cryptographic RNGs (which are slow and need a lot of new code), and the new hash function should maybe not be cryptographic. We need to make the DoS more expensive for the attacker, but we don't need to add "too much security" for that.

Agreed.

Mersenne Twister is useless here: it is only needed when you need to generate a fast RNG to generate megabytes of random data, whereas we will not need more than 4 KB. The OS RNG is just fine (fast enough and not blocking).

Have you read the following sentence:

“Since some platforms may not have /dev/urandom, we need a PRNG in the core, too. I therefore propose to move the Mersenne twister from randommodule.c into the core, too.”

Regards

Antoine.
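
The seeding approach debated in this thread (take the hash seed from the OS RNG, fall back to a Mersenne Twister where no OS RNG exists), as an added example that is not part of the original message and not CPython's code. The names `hash_seed` and `seeded_hash`, the 16-byte seed size and the toy FNV-1a hash are assumptions made for illustration.

```python
import os
import random
import time

SEED_BYTES = 16  # assumed size; the thread only says no more than 4 KB is needed


def hash_seed(urandom=os.urandom, nbytes=SEED_BYTES):
    """Return (seed, source), preferring the OS RNG over the in-process PRNG."""
    try:
        seed = urandom(nbytes)
        if len(seed) == nbytes:
            return seed, "os"
    except (NotImplementedError, OSError):
        pass  # platform has no usable OS RNG (e.g. no /dev/urandom)
    # Fallback: Mersenne Twister seeded from the clock and the pid. Both inputs
    # are guessable, so this raises the attacker's cost but is not a secret key.
    mt = random.Random((time.time_ns() << 20) ^ os.getpid())
    return bytes(mt.getrandbits(8) for _ in range(nbytes)), "mt-fallback"


def seeded_hash(data, seed):
    """Toy 64-bit FNV-1a with the seed mixed in first (illustrative, not CPython's hash)."""
    h = 0xCBF29CE484222325
    for byte in seed + data:
        h = ((h ^ byte) * 0x100000001B3) & 0xFFFFFFFFFFFFFFFF
    return h


def bucket_layout(keys, seed, nbuckets=8):
    """Map each key to its bucket index under the given per-process seed."""
    return [seeded_hash(k, seed) % nbuckets for k in keys]


if __name__ == "__main__":
    keys = [b"alpha", b"beta", b"gamma", b"delta"]  # constructed sample keys
    for _ in range(2):  # two simulated process starts give two layouts
        seed, source = hash_seed()
        print(source, bucket_layout(keys, seed))

    def no_os_rng(nbytes):  # simulates a platform without /dev/urandom
        raise NotImplementedError

    print(hash_seed(urandom=no_os_rng)[1])
```
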


