Issue 13704: Random number generator in Python core

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/57913

classification

Title:	Random number generator in Python core
Type:	enhancement	Stage:	patch review
Components:	Versions:	Python 3.1, Python 3.2, Python 3.3, Python 2.7, Python 2.6

process

Dependencies:	Superseder:
Status:	closed	Resolution:	out of date
Assigned To:	christian.heimes	Nosy List:	Arfrever, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, georg.brandl, gvanrossum, jcea, loewis, pitrou, rhettinger
Priority:	normal	Keywords:	patch

Created on 2012年01月03日 20:24 by christian.heimes, last changed 2022年04月11日 14:57 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
3106cc0a2024.diff	vstinner, 2012年01月03日 22:18	review

Repositories containing patches
http://hg.python.org/features/randomhash/#randomhash

Messages (10)
msg150527 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2012年01月03日 20:24
All proposed fixes for a randomized hashing function raise and fall with a good random number generator to feed the random seed. The seed must be created very early in the startup phase of the interpreter, preferable before the basic types are initialized. CPython already have multiple sources for random data (win32_urandom in Modules/posixmodule.c, urandom in Lib/os.py, Mersenne twister in Modules/_randommodule.c). However we can't use them because they are wrapped inside Python modules which require infrastructure like initialized base types. Discussion at http://mail.python.org/pipermail/python-dev/2012-January/115263.html My proposed changes are implemented in my feature fork but not yet well tested. Windows build files needs modification, too.
msg150528 - (view)	Author: Antoine Pitrou (pitrou) * (Python committer)	Date: 2012年01月03日 20:28
(for the record, you can use the "create patch" button which creates a reviewable diff)
msg150545 - (view)	Author: Martin v. Löwis (loewis) * (Python committer)	Date: 2012年01月03日 22:17
I disagree with that approach, basically because I disagree that we need a C implementation of MT. Platforms that don't provide /dev/urandom will just have to be less secure. Using the current time (in milliseconds if available) plus the current pid ought to be good enough as a random seed.
msg150549 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2012年01月03日 22:37
We already have a C implementation of MT in Modules/_randommodule.c. I just suggest that we move the implementation to a place, where we can use it as seed.
msg150594 - (view)	Author: Raymond Hettinger (rhettinger) * (Python committer)	Date: 2012年01月04日 07:30
Why is this listed as a release blocker? It is questionable whether it should be done at all? It is a very aggressive change.
msg150598 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2012年01月04日 09:29
Release blocker: I was following the example in #13703. A RNG (PRNG or CSPRNG) is required for randomized hashing function. The patch contains more than just the RNG changes. Only Include/pyrandom.h, Modules/_randommodule.c, Modules/posixmodule.c, Python/hash.c and parts of Makefile.pre.in are relevant for this tracker item. Sorry for the inconvenience!
msg150612 - (view)	Author: Barry A. Warsaw (barry) * (Python committer)	Date: 2012年01月04日 15:02
On Jan 04, 2012, at 07:30 AM, Raymond Hettinger wrote: >Why is this listed as a release blocker? It is questionable whether it >should be done at all? It is a very aggressive change. It's a release blocker so that the issue won't get ignored before the next release. That doesn't necessarily mean it must be fixed.
msg154899 - (view)	Author: Georg Brandl (georg.brandl) * (Python committer)	Date: 2012年03月04日 15:00
Demoting from release blocker since the hash collision issue got remedied differently. If this is not needed anymore, please close.
msg154904 - (view)	Author: Christian Heimes (christian.heimes) * (Python committer)	Date: 2012年03月04日 18:55
Yes, this ticket can be closed unless there is an interest to include the PRNG in the core.
msg154906 - (view)	Author: Martin v. Löwis (loewis) * (Python committer)	Date: 2012年03月04日 19:39
This is indeed out-of-date.

History
Date	User	Action	Args
2022年04月11日 14:57:25	admin	set	github: 57913
2012年03月04日 19:39:31	loewis	set	status: pending -> closed messages: + msg154906
2012年03月04日 18:55:50	christian.heimes	set	status: open -> pending resolution: out of date messages: + msg154904
2012年03月04日 15:00:42	georg.brandl	set	priority: release blocker -> normal messages: + msg154899
2012年01月18日 18:34:33	dmalcolm	set	nosy: + dmalcolm
2012年01月04日 15:02:57	barry	set	messages: + msg150612
2012年01月04日 09:39:47	rhettinger	set	assignee: rhettinger -> christian.heimes
2012年01月04日 09:29:25	christian.heimes	set	messages: + msg150598
2012年01月04日 07:30:55	rhettinger	set	messages: + msg150594
2012年01月04日 05:09:02	jcea	set	nosy: + jcea
2012年01月04日 02:27:07	rhettinger	set	assignee: christian.heimes -> rhettinger nosy: + rhettinger
2012年01月04日 00:49:38	Arfrever	set	nosy: - ezio.melotti, michael.foord
2012年01月04日 00:35:15	Arfrever	set	nosy: + ezio.melotti, Arfrever, michael.foord
2012年01月03日 22:37:31	christian.heimes	set	messages: + msg150549
2012年01月03日 22:19:44	alex	set	nosy: + alex
2012年01月03日 22:18:27	vstinner	set	files: + 3106cc0a2024.diff keywords: + patch
2012年01月03日 22:17:04	loewis	set	nosy: + loewis messages: + msg150545
2012年01月03日 20:31:16	christian.heimes	link	issue13703 dependencies
2012年01月03日 20:28:13	pitrou	set	messages: + msg150528
2012年01月03日 20:24:33	christian.heimes	create

homepage