On Oct 7, 4:07 pm, "Nick Johnson (Google)" <[email protected]> wrote: > Hi Anh, > Good question! There's nothing built directly in, but you have several > options: > - You can implement, or use an existing implementation of a well known > cryptographically secure PRNG, such as Blum Blum Shub. > - You can make use of one of the block ciphers provided by pycrypto to > generate a PRNG stream - just use it in CTR mode with a random key as seed > data. > - You can make use of a secure hash from the hashlib module - again, start > with a random input and increment it for each block of random data. >
Dear Nick, How would you advise implementing any of these approaches in AppEngine. It is difficult because the random number is usually needed as a nonce (not en mass, like in a simulation) and therefore we'll need to maintain the state of the RNG, which is impossible since we can't have long running process in AppEngine. Maybe we can store the counter in the Datastore, and it'll need to be sharded, possibly memcached, and will need to deal with timeout, etc. It is always tricky to roll our own cryptographic implementation, of any kind, securely. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
