Random number generation, simple question.

jhylton at my-deja.com jhylton at my-deja.com
Mon Jul 3 13:45:16 EDT 2000


In article <Pine.GSO.4.21.0007031546410.25965-100000 at luna.dsv.su.se>,
  Kalle Svensson <kalle at gnupung.net> wrote:

> I have a few questions about the (pseudo) random number generator supplied
> in the standard library. I need 80 random bits (for a CipherSaber IV) but
> I hear most RNG's only supply 32 bits or less.

The random number generator in the standard library is not at all
suitable for generating a cipher key.  In general, cryptography has a
crucial requirement for random numbers that most other applications
don't: It shouldn't be possible to guess or recover the state of the
random number generator.  In the case of the random module, if the
attacker can guess or recover your initial seed, she can generate the
entire sequence of random numbers that you use for your cipher. Bad
stuff!

I recommend looking at the Yarrow design by Kelsey, Schneier, and
Ferguson:  http://www.counterpane.com/yarrow.html

A Python implementation of Yarrow-160 is included in the Pisces
distribution:
http://www.cnri.reston.va.us/software/pisces/manual/module-pisces.yarrow.html

Jeremy
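
Added example, not part of the original post: it shows why an 80-bit IV drawn from the random module is only as unpredictable as its seed, next to an IV drawn from the operating system's CSPRNG. It uses the secrets module from current Python in place of the Yarrow/Pisces code the post points to; the timestamp seed and the function names are constructed for illustration.

```python
import random
import secrets

IV_BYTES = 10  # 80 bits, the CipherSaber IV size mentioned in the question


def weak_iv(seed):
    """IV from the random module: fully determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(IV_BYTES))


def seed_reproducing(iv, candidate_seeds):
    """Return the first candidate seed that regenerates iv, or None.

    Models the failure described in the post: once the seed can be
    narrowed to a small set (here, a window of clock values), the
    whole output sequence follows from it.
    """
    for seed in candidate_seeds:
        if weak_iv(seed) == iv:
            return seed
    return None


def strong_iv():
    """IV from the operating system's CSPRNG; there is no seed to guess."""
    return secrets.token_bytes(IV_BYTES)


if __name__ == "__main__":
    # Constructed sample: a program seeded with a Unix timestamp in seconds.
    start_time = 962646316
    iv = weak_iv(start_time)
    window = range(start_time - 3600, start_time + 3600)
    print("weak IV:", iv.hex())
    print("seed found in a 2-hour window:", seed_reproducing(iv, window))
    print("OS CSPRNG IV:", strong_iv().hex())
```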

