On 2010-02-24 20:30, Michael Rudolf wrote:
The reason is 256 % 26 != 0
256 mod 26 equals 22, thus your code is hitting a-v about 10% (256/26 is
approx. 10) more often than w-z.

<Barbie voice>writing secure code is hard...

So true. That's why one should stick to standard libs when it comes to
crypto or security in general. It's just too easy to mess it up. Just ask
Debian about whether touching OpenSSL was a good idea ;)

That was a brain-dead hiccup, for crying out loud, how could they do smth so stupid?

def gen_rand_word(n):
    with open('/dev/urandom') as f:
        return ''.join([chr(ord('a') + ord(x) % 26) for x in f.read(n) if ord(x) > 22])

Off-by-one-error: you're skipping len(range(22))==23 hits.

Argh, it's late here.

Well, I really think that you should use repeated Random.choice on an
alphabet.
Or Random.SystemRandom.choice if you don't trust the PRNG.

I just posted a comparison with calculating std deviations for various methods - using os.urandom, SystemRandom.choice with seeding and without seeding.

They all seem to have slightly different distributions.

Regards,
mk


--
http://mail.python.org/mailman/listinfo/python-list
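
The modulo bias and the off-by-one filter discussed in this thread can be checked exactly by enumerating all 256 byte values, with no sampling noise; the following is an added example, not code from the thread. The names letter_counts, spread and rand_word_unbiased, and the urandom test hook, are hypothetical, and the generator goes beyond the posted one by always returning exactly n characters and accepting any alphabet of up to 256 symbols.

```python
import os

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def letter_counts(accept):
    """Exact number of byte values 0..255 that map to each letter under
    b % 26, counting only the bytes the accept(b) filter lets through."""
    counts = dict.fromkeys(ALPHABET, 0)
    for b in range(256):
        if accept(b):
            counts[ALPHABET[b % 26]] += 1
    return counts


def spread(counts):
    """(fewest, most) byte values behind any one letter; equal means uniform."""
    return min(counts.values()), max(counts.values())


NAIVE = letter_counts(lambda b: True)     # no filter: a-v get 10 values, w-z get 9
POSTED = letter_counts(lambda b: b > 22)  # filter as posted: drops 23 values, 'w' short
FIXED = letter_counts(lambda b: b >= 22)  # drops 22 values, leaving 234 = 9 * 26


def rand_word_unbiased(n, alphabet=ALPHABET, urandom=os.urandom):
    """Return exactly n characters, each uniform over alphabet.

    Bytes at or above the largest multiple of len(alphabet) that fits in
    256 are discarded and replaced by fresh ones (rejection sampling).
    `urandom` is a hypothetical hook so a test can feed constructed bytes.
    """
    k = len(alphabet)
    if not 0 < k <= 256:
        raise ValueError("alphabet must have 1..256 symbols")
    limit = 256 - 256 % k                 # 234 for 26 letters
    out = []
    while len(out) < n:
        for b in bytearray(urandom(n - len(out))):
            if b < limit and len(out) < n:
                out.append(alphabet[b % k])
    return "".join(out)


if __name__ == "__main__":
    for name, c in (("naive", NAIVE), ("posted", POSTED), ("fixed", FIXED)):
        print(name, sum(c.values()), spread(c))
    print(rand_word_unbiased(16))
```

Because the posted one-liner filters inside a list comprehension over f.read(n), it also returns fewer than n characters whenever a byte is rejected, which is why this version loops until the word is full.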
