Yep. You can write anything you want in python. Need a random number... Try this... Perform a database transform 18 times, take the execution times of these, find the min execution time, and Max execution time.
Assign the longest time to be 100% and the shortest to be 0% the remaining 16 passes are then converted to 0 if they are closer to 0 and 1 if closer to 100 Construct a 16 bit number from the 0's and 1's This method, assuming you pick a database or other operation that has an expected time frame which is predictable, but follows a natural distribution, will create truly random 16 bit numbers. Depending on how many bit number you need you can increase the number of numbers generated. If you need a longer random number in low volume you can do a hash of the most recent page added to digg. Construct a random number based on the difference in system time between your server and the client making the request. Suitability for cryptography is a stupid blanket statement: If you need one 128 bit random number you could ask 128 people 1 or 0 and have a suitable number. But because of the way people work if you did that 1 million times you'd find that you don't get good distribution of 1s and 0s. If instead you said give me a number between 1 and 100 and assigned even numbers a 0 and odds a 1 you would get a more random number suitable for 100's of thousands of crypto keys. If you instead took the temperature of 128 people and if the thermometer said an even decimal assigned that a 0 and odd decimals a 1, you would have a random number that would be suitable for millions of random numbers. If you took the hash of a password some one gave you, you'd be good for a few thousand random numbers but would find some passwords came up more than statistically random should.. -Brandon Wirtz Blackwaterops.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Anh Hai Trinh Sent: Tuesday, October 06, 2009 8:31 PM To: Google App Engine Subject: [google-appengine] Generate cryptographically secure random number Python random uses the Mersenne Twister RNG, which is "completely unsuitable for cryptographic purposes." [1] AppEngine also includes pyCrypto.randpool, but it needs access to '/ dev/random' because "if it can't get entropy from the OS, it silently produces predictable output." [2] (plus it will be deprecated) So my question is, is it possible to generate cryptographically secure random number in AppEngine? Reference ========= [1] http://docs.python.org/library/random.html [2] http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
