[Python-ideas] Should our default random number generator be secure?

random832 at fastmail.us random832 at fastmail.us
Sat Sep 12 01:12:38 CEST 2015


On Fri, Sep 11, 2015, at 17:48, Petr Viktorin wrote:
> Calling getstate() means you want to call setstate() at some point in
> the future, and have deterministic results. Getting the CSRNG state is
> dangerous (since it would allow replaying), and it's not even useful
> (since system entropy gets mixed in occasionally).
> Instead, in this scheme, getstate() should activate the deterministic
> RNG (seeding it if it's the first use), and return its state.
> setstate() would then also switch to the Twister, and seed it.

My thinking was that "CSRNG is enabled" should be regarded as a single
state of the "magic switching RNG". The alternative would be that
calling getstate on a magic switching RNG that is not already in
deterministic mode is an error.
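
The getstate() behaviours discussed in this message, side by side, as an added example that is not part of the original post or of any CPython code. `SwitchingRandom`, `getstate_policy` and `CSRNG_STATE` are hypothetical names; "switch" follows the quoted proposal, "sentinel" is one reading of "a single state", and "error" is the stated alternative.

```python
import random

# Constructed sentinel meaning "CSRNG is enabled" (hypothetical, not a stdlib value).
CSRNG_STATE = ("csrng-enabled",)


class SwitchingRandom:
    """Hypothetical 'magic switching RNG': secure until determinism is requested."""

    def __init__(self, getstate_policy="switch"):
        if getstate_policy not in ("switch", "sentinel", "error"):
            raise ValueError("unknown getstate_policy")
        self.policy = getstate_policy
        self._secure = random.SystemRandom()  # backed by os.urandom()
        self._twister = None                  # None => still in CSRNG mode

    @property
    def deterministic(self):
        return self._twister is not None

    def random(self):
        source = self._twister if self.deterministic else self._secure
        return source.random()

    def seed(self, a=None):
        # An explicit seed is a request for reproducible output.
        self._twister = random.Random(a)

    def getstate(self):
        if not self.deterministic:
            if self.policy == "error":
                raise RuntimeError("getstate() requires deterministic mode")
            if self.policy == "sentinel":
                return CSRNG_STATE  # no replayable CSRNG internals exposed
            self._twister = random.Random()  # "switch": seed Twister from OS entropy
        return self._twister.getstate()

    def setstate(self, state):
        if state == CSRNG_STATE:
            self._twister = None  # restore the single "CSRNG enabled" state
            return
        if not self.deterministic:
            self._twister = random.Random()
        self._twister.setstate(state)
```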

