[Python-Dev] RNG in the core
Antoine Pitrou
solipsis at pitrou.net
Tue Jan 3 22:20:53 CET 2012
On Tue, 3 Jan 2012 22:17:06 +0100
Victor Stinner <victor.stinner at gmail.com> wrote:
> A randomized hash doesn't need cryptographic RNG (which are slow and
> need a lot of new code), and the new hash function should maybe not be
> cryptographic. We need to make the DoS more expensive for the
> attacker, but we don't need to add "too much security" for that.
Agreed.
> Mersenne Twister is useless here: it is only needed when you need to
> generate a fast RNG to generate megabytes of random data, whereas we
> will not need more than 4 KB. The OS RNG is just fine (fast enough and
> not blocking).
Have you read the following sentence:
“Since some platforms may not have /dev/urandom, we need a PRNG in the
core, too. I therefore propose to move the Mersenne twister from
randommodule.c into the core, too.”
Regards
Antoine.
More information about the Python-Dev
mailing list