
Author tim.peters
Recipients christian.heimes, dstufft, martin.panter, tim.peters, vstinner
Date 2016-06-09.03:20:48
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465442449.0.0.161949003819.issue27272@psf.upfronthosting.co.za>
In-reply-to
Content
Didn't anyone here follow the discussion about the `secrets` module? PHP was crucified by security wonks for its horridly naive ways of initializing its PRNGs:
https://media.blackhat.com/bh-us-12/Briefings/Argyros/BH_US_12_Argyros_PRNG_WP.pdf
Please don't even think about making Python a target of similar ridicule ;-)
The only sane approach is to use an _excellent_ source of randomness for initialization, and `urandom()` is the only obvious such source. While the more the merrier, I agree 2500 utterly unpredictable bytes isn't necessary.
If this has to change, use the most possible without creating other problems on a major platform, but certainly no less than 128 crypto-strength bytes.
-1 on any poke-and-hope gibberish trying to brew our own out of time.time(), PID, id(), etc. That stuff is easy for a malicious program to attack. That's why Python switched to using `urandom()` to begin with, before security wonks noticed how poorly most libraries handle this.
It's not about supplying "enough randomness" for applications, it's about making it computationally intractable for well-funded expert attackers to out-guess. That's why urandom() is used.
History
Date | User | Action | Args
2016-06-09 03:20:49 | tim.peters | set | recipients: + tim.peters, vstinner, christian.heimes, martin.panter, dstufft
2016-06-09 03:20:48 | tim.peters | set | messageid: <1465442449.0.0.161949003819.issue27272@psf.upfronthosting.co.za>
2016-06-09 03:20:48 | tim.peters | link | issue27272 messages
2016-06-09 03:20:48 | tim.peters | create |
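
The message above contrasts seeds brewed from time.time() and the PID with seeding from `urandom()`. The following is an added example, not part of the original message and not CPython's code, showing why the first kind of seed has few enough candidates to enumerate while 128 bytes from `os.urandom()` does not. The `weak_seed` mixing function, the time window, the PID limit and all sample values are assumptions made for the illustration.

```python
import math
import os
import random

def weak_seed(now_s, pid):
    # Hypothetical home-brewed seed (an assumption for this example):
    # wall-clock seconds mixed with the process ID.
    return (now_s << 16) ^ pid

def strong_seed(nbytes=128):
    # 128 bytes from the OS CSPRNG, the floor asked for in the message.
    return int.from_bytes(os.urandom(nbytes), "big")

def first_outputs(seed, n=4):
    # The first n 32-bit outputs of a generator started from this seed.
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]

def weak_space_bits(window_s, max_pid):
    # log2 of the number of (second, pid) pairs that have to be considered.
    return math.log2((2 * window_s + 1) * max_pid)

def recover_weak_seed(observed, approx_time, window_s=2, max_pid=32768):
    # Enumerate every candidate seed; return (seed, candidates_tried).
    tried = 0
    for t in range(approx_time - window_s, approx_time + window_s + 1):
        for pid in range(1, max_pid + 1):
            tried += 1
            seed = weak_seed(t, pid)
            if first_outputs(seed, len(observed)) == observed:
                return seed, tried
    return None, tried

if __name__ == "__main__":
    # Constructed sample values, not taken from any real process.
    started, pid = 1700000000, 1234
    observed = first_outputs(weak_seed(started, pid))
    seed, tried = recover_weak_seed(observed, started + 1)
    print("weak seed recovered:", seed == weak_seed(started, pid),
          "after", tried, "candidates")
    print("clock+PID search space: %.1f bits" % weak_space_bits(2, 32768))
    print("urandom(128) search space: %d bits" % (128 * 8))
```

A code review can apply the same arithmetic: if the inputs to a seed can be bounded by someone who knows roughly when and where the process started, the seed space is the product of those bounds, however the inputs are mixed.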
