[issue13703] Hash collision security issue
Antoine Pitrou
report at bugs.python.org
Thu Jan 5 01:01:02 CET 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
> > add PyOS_URandom() using CryptoGen, SSL (only on VMS!!)
> > or /dev/urandom
>
> Oh, OpenSSL (RAND_pseudo_bytes) should be used on Windows, Linux, Mac
> OS X, etc. if OpenSSL is available.
Apart from the large dependency, the OpenSSL license is not
GPL-compatible which may be a problem for some Python-embedding
applications:
http://en.wikipedia.org/wiki/OpenSSL#Licensing
> > will a fallback on a dummy LCG
>
> It's the Linear congruent generator (LCG) used by Microsoft Visual C++
> and PHP:
>
> x(n+1) = (x(n) * 214013 + 2531011) % 2^32
>
> I only use bits 23..16 (bits 15..0 are not really random).
If PHP uses it, I'm confident it is secure.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list