On Jul 21, 2008, at 3:59 PM, Joshua Bronson wrote:
Hey Luke,
On Mon, Jul 21, 2008 at 10:47 AM, Luke Tucker
<[EMAIL PROTECTED]> wrote:
Sounds like we should change those over to the hashlib module if
it's available, appears its interface is compatible.
done.
Can you make it so this falls back to the md5 module when it's
available ? it looked like some of the calls were explicitly
referencing the module. Looks like you need to do something to
explicitly generate the randomness in the pool? Unless we're doing
that it's probably no better than just using the stock thinger.
- Luke
A non deterministic PRNG would be better for that function -- I
can't think of any nice reason to reproduce the sequence that comes
out of it. :)
Here is a naive port to Crypto.Util.randpool:
Index: nonce.py
===================================================================
--- nonce.py (revision 1094)
+++ nonce.py (working copy)
@@ -18,10 +18,11 @@
# USA
import hashlib
-import random
+from Crypto.Util.randpool import RandomPool
from base64 import b16encode
def nonce_str():
+ rp = RandomPool()
m = hashlib.md5()
- m.update('%d' % random.getrandbits(128))
+ m.update(rp.get_bytes(16))
return b16encode(m.digest())
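Review bot: the new body at `+ rp = RandomPool()` builds a fresh RandomPool on every call and immediately reads `rp.get_bytes(16)` from it with no stir() or add_event() in between, so the pool holds only whatever its constructor seeded and nothing checks how much entropy that is; the randpool documentation quoted further down says the caller must monitor `entropy` and recommends stir() before and after use. Suggest one module-level pool, stir() on it, and a check such as `if rp.entropy < 128: rp.stir()` before `get_bytes(16)`. Hashing the 16 random bytes with md5 neither adds nor removes unpredictability, so `b16encode(rp.get_bytes(16))` would do the same job without the digest. Separately, Luke's request for a fallback to the md5 module when hashlib is absent is not addressed: `import hashlib` remains unconditional in the unchanged context above the hunk, so wrapping it in try/except ImportError with `import md5` is still needed for 2.4.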
But I just wanted to make sure that's sufficient for a nonce. (The
docs are pretty intense:)
get_bytes(num)
Returns a string containing num bytes of random data, and decrements
the amount of entropy available. It is not an error to reduce the
entropy to zero, or to call this function when the entropy is zero.
This simply means that, in theory, enough random information has
been extracted to derive the state of the generator. It is the
caller's responsibility to monitor the amount of entropy remaining
and decide whether it is sufficient for secure operation.
entropy
An integer value containing the number of bits of entropy currently
in the pool. The value is incremented by the add_event() method, and
decreased by the get_bytes() method.
add_event(time[, string])
Adds an event to the random pool. time should be set to the current
system time, measured at the highest resolution available. string
can be a string of data that will be XORed into the pool, and can be
used to increase the entropy of the pool. For example, if you're
encrypting a document, you might use the hash value of the document;
an adversary presumably won't have the plaintext of the document,
and thus won't be able to use this information to break the generator.
stir()
Scrambles the random pool using the previously chosen encryption and
hash function. An adversary may attempt to learn or alter the state
of the pool in order to affect its future output; this function
destroys the existing state of the pool in a non-reversible way. It
is recommended that stir() be called before and after using the
RandomPool object. Even better, several calls to stir() can be
interleaved with calls to add_event().
Josh
- Luke
Forwarding along these comments from the melkjug blog:
Hey Luke,
Thanks, nonce_str is much nicer (not to mention already written :).
I'll use that instead.
Just noticed python2.5 deprecates the md5 module with a new module
hashlib, http://www.python.org/doc/current/lib/module-hashlib.html .
The 2.4/2.5 straddle grows ever wider…
Comment by magicbronson on July 18, 2008 at 10:33 am
from http://docs.python.org/lib/module-random.html :
"Almost all module functions depend on the basic function random(),
which generates a random float uniformly in the semi-open range
[0.0, 1.0). Python uses the Mersenne Twister as the core generator.
It produces 53-bit precision floats and has a period of 2**19937-1.
The underlying implementation in C is both fast and threadsafe. The
Mersenne Twister is one of the most extensively tested random number
generators in existence. However, being completely deterministic, it
is not suitable for all purposes, and is completely unsuitable for
cryptographic purposes."
For a non-deterministic prng, the pycrypto module provides
Crypto.Util.randpool: http://www.amk.ca/python/writing/pycrypt/pycrypt.html#SECTION000720000000000000000
Comment by magicbronson on July 19, 2008 at 3:39 pm
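As an added illustration of the two points raised in the thread (a hashlib/md5 fallback for the 2.4/2.5 straddle, and why a Mersenne Twister is the wrong source for a nonce), here is a nonce generator that is not the melkjug project's code and is not from the thread. It draws randomness from os.urandom, the operating system's CSPRNG, instead of Crypto.Util.randpool, so it needs no pycrypto; the helpers _new_md5, mt_nonces and demo are names chosen for this example.

```python
import os
import random
from base64 import b16encode

# Prefer hashlib (Python >= 2.5); fall back to the legacy md5 module otherwise.
# One factory hides the difference from the rest of the code.
try:
    import hashlib

    def _new_md5():
        return hashlib.md5()
except ImportError:  # only reachable on Python < 2.5, where hashlib is absent
    import md5

    def _new_md5():
        return md5.new()


def nonce_str(nbytes=16, rng=os.urandom):
    """Return a 32-character upper-case hex nonce.

    rng(n) must return n bytes.  os.urandom is the default: it reads the OS
    entropy source, so the sequence cannot be replayed by learning a seed.
    """
    m = _new_md5()
    m.update(rng(nbytes))
    return b16encode(m.digest()).decode('ascii')


def mt_nonces(seed, count=3):
    """Nonces built the way the pre-patch code did it, from a Mersenne Twister.

    The generator is seeded explicitly so the weakness is visible: the same
    seed replays the same nonces, which is what the python docs mean by
    'completely deterministic'.
    """
    r = random.Random(seed)
    # Mirror the original '%d' % random.getrandbits(128) construction.
    mt_bytes = lambda n: ('%d' % r.getrandbits(8 * n)).encode('ascii')
    return [nonce_str(rng=mt_bytes) for _ in range(count)]


def demo():
    """Return (replayable, fresh): MT output repeats under the same seed,
    OS-backed nonces do not repeat between calls."""
    replayable = mt_nonces(1234) == mt_nonces(1234)
    fresh = nonce_str() != nonce_str()
    return replayable, fresh


if __name__ == '__main__':
    print('os.urandom nonce:', nonce_str())
    print('MT nonces, seed 1234:', mt_nonces(1234))
    print('replayable, fresh =', demo())
```

The md5 step is kept only to match the shape of the thread's nonce_str; it adds no unpredictability, and hex-encoding the 16 urandom bytes directly would serve equally well.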
--
Archive:
http://www.openplans.org/projects/melkjug/lists/melkjug-development-list/archive/2008/07/1216651675072