Generating Unique Keys
Nagy László
nagylzs at freemail.hu
Tue Jan 28 16:21:02 EST 2003
>
>
>If you've got a source of good random numbers, you can just use them
>directly as tokens and not need this hashing stuff.
>
There are whole books about what "good" (pseudo) random numbers are.
The perfect answer is this: it depends on what you want to do with them.
If you want to use them to create session keys, you will surely need to
use a hash function. The PRNG algorithm can be explored in almost all
cases (especially when using /dev/random), and this is a security risk.
A "good" PRNG ("good" depends on the application) is measured by
statistical properties (both theoretical and empirical). But most "good"
PRNGs are not tested against inversion. You can conclude PRNG state
information from a random number sequence. Not so easy, but much easier
than inverting a hash function like SHA1. :-)

IMHO you should use a hash function (why not?)
Laci 1.0
p.s.: Sorry for my broken English
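
The risk raised in the message above, that PRNG state can be concluded from an output sequence, shown for Python's own `random` module (Mersenne Twister). This is an added example, not part of the original post; the helper names and the seed are constructed for illustration.

```python
import hashlib
import random

def _undo_right(y, shift):
    """Invert y = x ^ (x >> shift) for a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) for a 32-bit word."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(word):
    """Map one 32-bit output back to the internal state word behind it."""
    word = _undo_right(word, 18)
    word = _undo_left(word, 15, 0xEFC60000)
    word = _undo_left(word, 7, 0x9D2C5680)
    return _undo_right(word, 11)

def raw_tokens(rng, count):
    """Weak pattern: hand out raw 32-bit generator outputs as tokens."""
    return [rng.getrandbits(32) for _ in range(count)]

def clone_from_raw(tokens):
    """Rebuild the generator from 624 consecutive raw tokens."""
    state = tuple(untemper(t) for t in tokens[-624:]) + (624,)
    twin = random.Random()
    twin.setstate((3, state, None))
    return twin

def hashed_token(rng):
    """The post's suggestion: publish only a SHA-1 digest of the output."""
    return hashlib.sha1(rng.getrandbits(128).to_bytes(16, "big")).hexdigest()

if __name__ == "__main__":
    server = random.Random(2003)          # constructed seed, illustration only
    observed = raw_tokens(server, 624)    # tokens an observer has collected
    twin = clone_from_raw(observed)
    print("next raw token predicted:", twin.getrandbits(32) == server.getrandbits(32))
    print("hashed token (raw words not exposed):", hashed_token(server))
```

Hashing only keeps the raw words out of reach of this algebraic recovery; where unpredictability matters, Python's `secrets` module (3.6+) draws tokens from the operating system's CSPRNG.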