[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Christian Heimes
Christian Heimes added the comment: I'm closing the issue as suggested. I created #16190 in the hope that a documentation update is going to raise awareness. -- resolution: -> rejected stage: -> committed/rejected status: open -> closed ___ Python

[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Yury
Yury added the comment: Thank you, you are right. Please close the issue. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Michele OrrĂ¹
Changes by Michele OrrĂ¹ : -- nosy: +maker ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.or

[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Georg Brandl
Georg Brandl added the comment: > 1. In spite of the fact that MT states are initialized correctly, > there is a practical method to exploit the vulnerability because of > Python web framework peculiarities. What does this mean exactly? If it means that this predictability can be used for attac

[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Christian Heimes
Christian Heimes added the comment: I don't see a problem here. It's a well known and documented fact that a PRNG like a Mersenne-Twister must not be used for any cryptographic purpose. The most of the random module is designed to be deterministic. The global instance even keeps its state afte

[issue16184] Attack against the pseudorandom number generator

2012-10-10 Thread Yury
New submission from Yury: ---[ Vulnerability description] Positive Research experts have detected a vulnerability "Predictable pseudorandom numbers in Python" caused by random.random() output in Python. By default, Mersenne Twister initialization is done during random module import and then a