How good is security via hashing
Robin Becker
robin at reportlab.com
Tue Jun 7 07:35:21 EDT 2011
On 07/06/2011 11:26, Nitin Pawar wrote:
> Have you tried using UUID module?
>
> Its pretty handy and comes with base64 encoding function which gives
> extremely high quality randon strings
>
> ref:
> http://stackoverflow.com/questions/621649/python-and-random-keys-of-21-char-max
......
I didn't actually ask for a suitable method for doing this; I assumed that Tim
Peters' algorithm (at least I think he's behind most of the python random
support) is pretty good so that the bits produced are indeed fairly good
approximations to random.
I guess what I'm asking is whether any sequence that's using random to generate
random numbers is predictable if enough samples are drawn. In this case assuming
that fastcgi is being used can I observe a sequence of generated numbers and
work out the state of the generator. If that is possible then the sequence
becomes deterministic and such a scheme is useless. If I use cgi then we're
re-initializing the sequence hopefully using some other unrelated randomness for
each number.
Uuid apparently uses machine internals etc etc to try and produce randomness,
but urandom and similar can block so are probably not entirely suitable.
--
Robin Becker
More information about the Python-list
mailing list