Charles-François Natali added the comment:
> * We're not reading urandom "a huge number of times per second". This is
> just one read of 2,500 bytes. What Ted is talking about and what we're doing
> are as different as night and day.
>
> * We're also not doing this in a loop. It is just once when Random() is
> initialized. There are no threading issues here.
Well, you don't know how people will use it though: some code spawns
many processes per second (see recent discussion on python-dev).
> * 32 bytes is good but it is not enough. There is a reason that the state
> space for the Mersenne Twister is so large to begin with. Functions as
> simple as shuffle() eat through the possibilities very quickly.
As I said, I'm not a cryptography expert, but quoting the link you gave:
"""About 256 bits of entropy are enough to get computationally secure
numbers for a long, long time."""
The kernel's CSPRNG itself considers 256 bits enough, so I'm curious
as to what makes you think that 32 *bytes* is not enough.
openssl itself only reads 32 bytes from /dev/urandom:
"""
$ strace -e open,read openssl genrsa
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
read(3,
"\336\314\312\355<\305\312\375\244\276G\n\201^\32\236\301\243\327\277\344\320\0\5\3017-\\\346\333G?",
32) = 32
"""
In short, everyone seems to think that 32bytes seeding is more than enough.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue21470>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
