SHA-based subclass for random module
Peter Finlayson
frnknstn at iafrica.com
Sat Mar 27 08:10:11 EST 2004
I have been following this thread with great interest. I am very new to Python,
and this group (struggling to keep up with the heavy traffic.)
Some of the stuff here went over my head, as I am not a gifted mathematician,
but it did get me thinking. I find random number generators facinating, and I
have a perfectionist streak in me that really dislikes several of the flawed
generators used frequently.
Still, if you are aiming for totally nondeterminant random numbers, there are
better ways to do it than with SHA with its inevitable collisions. If we assume
that every bit from the MT generator is roughly as 'random' as all the others,
why not use the oldest cryptographic trick in the book: One-time-pads?
Python is largely designed as a scripting language, so why not just pull a
random file off the system and (perhaps after removing the file's header) use
the raw data to offset the getrandbits() data?
Wait, I suppose that may not be random enough. There are only a finite number
of files on your system, and I suppose that for $250 000 the poker players
could have hacked into the system and downloaded the complete contents of all
the memory.
Well, Python is a scripting language, so why not just use httplib to download
some random file off the internet, and use that? Every morning, just get the
latest files of your favorite site, and use them to offset the getrandbits()
data. I can see it now, porn-powered cryptographic pseudo-random number
generators!
Wait, there is only a finite amount of porn in the world. I know, why not just
use the latests comments posted on Slashdot? That is an *inexhaustable* supply
of rubbish. Nobody would sift through all that, not ever for a MILLION dollars.
:)
Peter Finlayson
More information about the Python-list
mailing list