on the prng behind random.random()
Chris Angelico <rosuav at gmail.com> writes:
> On Tue, Nov 20, 2018 at 7:31 AM Robert Girault <r at dev.null> wrote:
>> Nice. So Python's random.random() does indeed use mt19937. Since it's
>> been broken for years, why isn't it replaced by something newer like
>> ChaCha20? Is it due to backward compatibility? That would make sense.
> What exactly do you mean by "broken"?
I mean the fact that with 624 samples from the generator, you can
determine the rest of the sequence completely.
Sorry about mentioning ChaCha20. That was misleading. I should've said
something newer like mrtg32k3a or xorshift*.
> If you're generating random numbers for any sort of security purpose,
> you probably should look at this:
> (New in 3.6, though, hence the "probably". If you need to support 3.5
> or older - including 2.7 - then you can't use that.)
Thanks for the reference!
I'm not particularly interested in security at the moment, but I would
like an expert's confirmation that some of these algorithms aren't
replaced due to backward compatibility. We could easily replace them,
but I think we shouldn't: some people still depend on these algorithms
for their experiment.
Are there other reasons?