
on the prng behind random.random()

Chris Angelico <rosuav at gmail.com> writes:

> On Tue, Nov 20, 2018 at 7:31 AM Robert Girault <r at dev.null> wrote:
>> Nice.  So Python's random.random() does indeed use mt19937.  Since it's
>> been broken for years, why isn't it replaced by something newer like
>> ChaCha20?  Is it due to backward compatibility?  That would make sense.
> What exactly do you mean by "broken"? 

I mean the fact that with 624 samples from the generator, you can
determine the rest of the sequence completely.

Sorry about mentioning ChaCha20.  That was misleading.  I should've said
something newer like mrg32k3a or xorshift*.

> If you're generating random numbers for any sort of security purpose,
> you probably should look at this:
> https://docs.python.org/3/library/secrets.html
> (New in 3.6, though, hence the "probably". If you need to support 3.5
> or older - including 2.7 - then you can't use that.)

Thanks for the reference!  

I'm not particularly interested in security at the moment, but I would
like an expert's confirmation that some of these algorithms aren't
replaced due to backward compatibility.  We could easily replace them,
but I think we shouldn't: some people still depend on these algorithms
for their experiment.

Are there other reasons?