[Python-ideas] Should our default random number generator be secure?
random832 at fastmail.us
Wed Sep 9 19:46:09 CEST 2015
On Wed, Sep 9, 2015, at 13:18, Serhiy Storchaka wrote:
> Entropy is a limited and slowly recoverable resource (especially if there
> is no network activity). If you consume it too quickly (for example in a
> scientific simulation or in a game), it will not have time to recover,
> which will slow down not only your program, but all consumers of entropy.
> The use of random.SystemRandom by default looks dangerous. It is
> unlikely that all existing programs will be rewritten to use
> random.FastInsecureRandom.
http://www.2uo.de/myths-about-urandom/ should be required reading.
As far as I know, no-one is actually proposing the use of a method that
blocks when there's "not enough entropy", nor does arc4random itself
appear to do so.