Christian Heimes added the comment:

I don't see a problem here. It's a well-known and documented fact that a PRNG 
like a Mersenne-Twister must not be used for any cryptographic purpose. Most 
of the random module is designed to be deterministic. The global instance 
even keeps its state after fork(). It's really not a security issue but a 
feature.

http://docs.python.org/library/random.html
---
The Mersenne Twister is one of the most extensively tested random number 
generators in existence. However, being completely deterministic, it is not 
suitable for all purposes, and is completely unsuitable for cryptographic 
purposes.
---

The os.urandom() function and random.SystemRandom class are designed to create 
cryptographically strong random data that can be used for most purposes except 
for long-lived crypto keys like SSL certs.

----------
components: +Library (Lib) -None
nosy: +christian.heimes

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue16184>
_______________________________________
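
The behaviour the comment describes, as an added example that is not part of the tracker message: a Mersenne Twister instance copied by fork() yields the same values in child and parent, while random.SystemRandom does not. It uses a private random.Random instance with a constructed seed because CPython 3.7 and later reseed the module-level instance in the child; the helper names are hypothetical.

```python
import os
import random


def draws_in_child(draw, n=3):
    """Fork, call draw() n times in the child, and return what it produced."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: works on a copy of the parent's memory
        os.close(rfd)
        os.write(wfd, ",".join(draw() for _ in range(n)).encode())
        os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd) as pipe:
        data = pipe.read()
    os.waitpid(pid, 0)
    return data.split(",")


def child_and_parent(draw, n=3):
    """Values drawn by a forked child, then by the parent, from one fork point."""
    child = draws_in_child(draw, n)
    parent = [draw() for _ in range(n)]
    return child, parent


def mt_draw(seed=16184):  # constructed seed, any fixed value behaves the same
    rng = random.Random(seed)  # private Mersenne Twister instance
    return lambda: format(rng.getrandbits(64), "016x")


def os_draw():
    rng = random.SystemRandom()  # backed by os.urandom(), keeps no state
    return lambda: format(rng.getrandbits(64), "016x")


if __name__ == "__main__":
    for name, draw in (("random.Random", mt_draw()), ("SystemRandom", os_draw())):
        child, parent = child_and_parent(draw)
        print(f"{name:13} child={child[0]} parent={parent[0]} same={child == parent}")
```
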