Generating Unique Keys

Nagy László nagylzs at freemail.hu
Tue Jan 28 16:21:02 EST 2003


>If you've got a source of good random numbers, you can just use them
>directly as tokens and not need this hashing stuff.
>

There are whole books about what "good" (pseudo) random numbers are. The perfect answer is this: it depends on what you want to do with them. If you want to use them to create session keys, you will surely need to use a hash function. The PRNG algorithm can be explored in almost all cases (especially when using /dev/random), and this is a security risk. A "good" PRNG ("good" depends on the application) is measured by statistical properties (both theoretical and empirical). But most "good" PRNGs are not tested against inversion. You can conclude PRNG state information from a random number sequence. It is not so easy, but much easier than inverting a hash function like SHA1. :-)

IMHO you should use a hash function (why not?)

Laci 1.0

p.s.: Sorry for my broken English
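
Added example, not part of the original message: the point about inferring PRNG state from an output sequence, checked against Python's own `random` module (Mersenne Twister), next to the hashed-token form the message recommends. The function names and the seed are constructed for illustration.

```python
import hashlib
import random

def _undo_left(z, shift, mask):
    # Invert y ^= (y << shift) & mask by fixed-point iteration.
    x = z
    for _ in range(32 // shift + 1):
        x = z ^ ((x << shift) & mask)
    return x

def _undo_right(z, shift):
    # Invert y ^= y >> shift by fixed-point iteration.
    x = z
    for _ in range(32 // shift + 1):
        x = z ^ (x >> shift)
    return x

def untemper(y):
    """Recover the MT19937 state word behind one 32-bit output."""
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_from_outputs(outputs):
    """Rebuild a generator from 624 consecutive raw 32-bit outputs."""
    words = tuple(untemper(o) for o in outputs[:624])
    clone = random.Random()
    clone.setstate((3, words + (624,), None))  # index 624 = regenerate next
    return clone

def raw_tokens_are_predictable(seed=2003):
    """True if tokens issued as raw PRNG words can be predicted."""
    server = random.Random(seed)                      # constructed "server"
    observed = [server.getrandbits(32) for _ in range(624)]
    clone = clone_from_outputs(observed)
    upcoming = [server.getrandbits(32) for _ in range(10)]
    return upcoming == [clone.getrandbits(32) for _ in range(10)]

def hashed_token(rng):
    # Publish only a SHA-1 digest of 256 PRNG bits: untemper() has no raw
    # output words to work on, so the state is not exposed this way.
    return hashlib.sha1(rng.getrandbits(256).to_bytes(32, "big")).hexdigest()

if __name__ == "__main__":
    print("raw tokens predictable:", raw_tokens_are_predictable())
    print("hashed token:", hashed_token(random.Random(2003)))
```

In current Python the standard library's `secrets` module draws tokens from the operating system's CSPRNG, which avoids exposing any user-space generator state.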





