Does shuffle() produce uniform result?

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Mon Sep 10 03:52:26 EDT 2007


In message <13e7roq4dbo6043 at corp.supernews.com>, Steven D'Aprano wrote:

> On Sun, 09 Sep 2007 18:53:32 +1200, Lawrence D'Oliveiro wrote:
> 
>> In message <7xhcm4pl5m.fsf at ruckus.brouhaha.com>, Paul Rubin wrote:
>> 
>>> Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> writes:
>>>
>>>> Except that the NSA's reputation has taken a dent since they failed to
>>>> anticipate the attacks on MD5 and SHA-1.
>>> 
>>> NSA had nothing to do with MD5 ...
>> 
>> Nevertheless, it was their job to anticipate attacks on it. After all,
>> they call themselves the "National _Security_ Agency", don't they?
> 
> The NSA has many jobs, and doing public research in crypto is only one of
> them -- and a particularly small one at that. For all we know, they had
> an attack on MD5 ten years before anyone else and didn't tell anyone
> because keeping it secret made it useful for one of their other jobs.

Yes, but they're supposed to look after US _National_ security, not their
own security. Since people in strategic jobs make so much use of hash
functions in crypto, that means it is most certainly an important part of
the NSA's function to ensure that there are good hash functions available.
They've fallen down on that job.

>>> ... and it's to NSA's credit that SHA-1 held up for as long as it did.
>> 
>> But they have no convincing proposal for a successor. That means the gap
>> between the classified and non-classified state of the art has shrunk
>> down to insignificance.
> 
> I don't see how that follows.

Because previously, the NSA has done things that it took open researchers
years, even decades, to figure out. But not any more.


