Generating Unique Keys
Paul Rubin
phr-n2003b at NOSPAMnightsong.com
Tue Jan 28 18:07:21 EST 2003
Chad Netzer <cnetzer at mail.arc.nasa.gov> writes:
> > If you've got a source of good random numbers, you can just use them
> > directly as tokens and not need this hashing stuff.
>
> ??? - Surely you must assume that Trevor was talking about normal
> pseudo-random number generators (not cryptographically secure, or true
> entropy based random numbers; Trevor, am I correct?). The point is
> that one is not always sure of the "randomness" of numbers on different
> platforms, and simple pseudo-random number generators are generally
> much more prevalent.
I thought he meant cryptographically secure random numbers, or at
least unguessable ones.
> In general, for these types of things, the approach I've seen and heard
> of most is to use a random (ideally truly random) starting secret, and
> chains of cryptographic hash sequences (with periodic re-seeding).
Yes, that would count as secure random numbers and most OS's these
days include services to provide them. It would be really good if
Python had a standard library call to use those services.
More information about the Python-list
mailing list