[issue13703] Hash collision security issue
Antoine Pitrou
report at bugs.python.org
Wed Jan 4 03:14:55 CET 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
For the record, here is what "man urandom" says about random seed size:
“[...] no cryptographic primitive available today can hope to promise
more than 256 bits of security, so if any program reads more than
256 bits (32 bytes) from the kernel random pool per invocation, or per
reasonable reseed interval (not less than one minute), that should be
taken as a sign that its cryptography is not skilfully implemented.”
In that light, reading a 64 bytes seed from /dev/urandom is already a lot, and 4096 bytes is simply insane.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list