SHA-based subclass for random module

Raymond Hettinger python at rcn.com
Fri Mar 19 16:21:32 EST 2004


> Since the size of plaintext is only 2^53, can't I just calculate
> all 2^53 md5 values in advance, and invert the output of MD5Random to
> get MT outputs, then attack MT just like any LFSR?

Change the plaintext line to read:
        plaintxt = str(Random.getrandbits(self, 128))

Now, 128 bits of input space gets digested to 128 bits and then only 53
of those bits are used to compute the float.  That should preclude
the formation of an inversion table.


Raymond Hettinger


P.S.  getrandbits(n) is a new, C-coded method in Py2.4 for acquiring bits
directly from the underlying generator without intermediate floats and
without losing thread safety.
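
The construction described in this message, written out for current Python as an added example; it is not code from the original post or from the random module. The class name HashedRandom and the use of SHA-256 in place of the MD5 discussed in the thread are assumptions made for this sketch.

```python
import hashlib
from random import Random


class HashedRandom(Random):
    """Hypothetical subclass: Mersenne Twister output passed through a hash.

    Each float is derived from a digest of 128 generator bits, so the set of
    possible hash inputs is 2**128 instead of the 2**53 distinct floats.
    """

    # Assumption for this sketch: SHA-256 stands in for the thread's MD5.
    hash_name = "sha256"

    def random(self):
        # Take 128 bits straight from the underlying generator, with no
        # intermediate float (this is the changed plaintext line).
        plaintxt = str(Random.getrandbits(self, 128))
        digest = hashlib.new(self.hash_name, plaintxt.encode("ascii")).digest()
        # Keep only 53 bits of the digest, the precision of a Python float:
        # the first 7 bytes are 56 bits, and the shift drops 3 of them.
        top53 = int.from_bytes(digest[:7], "big") >> 3
        return top53 * 2.0 ** -53


def sample(seed, count):
    """Return `count` floats from a HashedRandom seeded with `seed`."""
    rng = HashedRandom(seed)
    return [rng.random() for _ in range(count)]


if __name__ == "__main__":
    for value in sample(2004, 3):  # constructed seed, for illustration only
        print(value)
```

Methods built on random(), such as uniform() and choice(), pick up the hashed output automatically; getrandbits() itself still returns raw generator bits.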





