Why is random.random() not secure in Python?

I came across this question on Stack Overflow: How to randomly select an item from a list in Python, and they mentioned that it is not suitable for cryptographic/security purposes.

So, I found this page in the official documentation: random - Generate pseudorandom numbers

It mentions that they use a Mersenne twister to generate random numbers.

Isn't Mersenne twister supposed to be a pretty decent random generator (at least that's what I was told in class)? So why can you not use it for security purposes?

Hiten asked Feb 13 '19 14:02



1 Answer

Mersenne twister does a decent job of mimicking statistical properties(*) of randomness, but it is a deterministic algorithm. If two copies are set to the same state, they will produce identical results in synchronization. That means that for crypto/security applications your security is shot if an attacker can determine your initial state. I've read that for MT this can be done by knowledgeable people after six hundred and some sequential observations.

Bottom line - use it for Monte Carlo sampling or stochastic models, but not for crypto.

(*) - Actually, Pierre L'Ecuyer, who is considered one of the foremost researchers on pseudo-random number generation, is not a fan of MT even for Monte Carlo usage. He has shown that while the full cycle is uniformly distributed, zeros in the internal state tend to be persistent and the generator can get "stuck" for sizeable sub-periods in non-uniform subsequences. He collaborated with the creator of Mersenne Twister to fix these issues in the WELL generator.

pjs answered Sep 30 '22 17:09